Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is there a guide or map to understand Splunk's internal indexes and their log content?

feickertmd
Communicator
‎11-21-2014 10:16 AM

Does there exist some sort of map or guide to understanding Splunk's internal indexes (_internal, _audit, _introspection)? Something like:
_internal
sourcetypes
splunkd
fields
per_user_thruput (description of value data)

I have found and been given a few great examples as well as hacked up some splunk on splunk dashboards, but I would like to know what logs contain what so that we can build some additional auditing reports.

Reply
1 Solution
Solved! Jump to solution
Solution

halr9000
Motivator
‎11-21-2014 01:13 PM

Actually, with version 6.0 some of what you want exists as sample data models included in the Search app. Go to Settings / Data Models, and choose the Search app and you'll see this:

alt text

View solution in original post

Preview file
35 KB
Reply
Solved! Jump to solution
Solution

halr9000
Motivator
‎11-21-2014 01:13 PM

Actually, with version 6.0 some of what you want exists as sample data models included in the Search app. Go to Settings / Data Models, and choose the Search app and you'll see this:

alt text

Preview file
35 KB
Reply
Solved! Jump to solution

feickertmd
Communicator
‎11-24-2014 06:07 AM

A thing of beauty!

0 Karma
Reply
Solved! Jump to solution

ChrisG
Splunk Employee
Splunk Employee
‎11-21-2014 10:38 AM

There is a topic in the Troubleshooting Manual that provides a summary of what Splunk Enterprise logs about itself, with links to more detailed information when it is available. Is that the material you are looking for?

Reply
Solved! Jump to solution

ChrisG
Splunk Employee
Splunk Employee
‎11-21-2014 10:51 AM

Got it. There is some additional information in the topics that follow the one I previously linked, including some field information, but there isn't any comprehensive reference to the log files and fields in the documentation.

0 Karma
Reply
Solved! Jump to solution

feickertmd
Communicator
‎11-21-2014 10:47 AM

Close, but no cigar. It does tell me what logs it covers, but very little about what those logs contain or what their fields represent.

Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...