Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is there a guide or map to understand Splunk's internal indexes and their log content?

feickertmd
Communicator
‎11-21-2014 10:16 AM

Does there exist some sort of map or guide to understanding Splunk's internal indexes (_internal, _audit, _introspection)? Something like:
_internal
sourcetypes
splunkd
fields
per_user_thruput (description of value data)

I have found and been given a few great examples as well as hacked up some splunk on splunk dashboards, but I would like to know what logs contain what so that we can build some additional auditing reports.

Reply
1 Solution
Solved! Jump to solution
Solution

halr9000
Motivator
‎11-21-2014 01:13 PM

Actually, with version 6.0 some of what you want exists as sample data models included in the Search app. Go to Settings / Data Models, and choose the Search app and you'll see this:

alt text

View solution in original post

Preview file
35 KB
Reply
Solved! Jump to solution
Solution

halr9000
Motivator
‎11-21-2014 01:13 PM

Actually, with version 6.0 some of what you want exists as sample data models included in the Search app. Go to Settings / Data Models, and choose the Search app and you'll see this:

alt text

Preview file
35 KB
Reply
Solved! Jump to solution

feickertmd
Communicator
‎11-24-2014 06:07 AM

A thing of beauty!

0 Karma
Reply
Solved! Jump to solution

ChrisG
Splunk Employee
Splunk Employee
‎11-21-2014 10:38 AM

There is a topic in the Troubleshooting Manual that provides a summary of what Splunk Enterprise logs about itself, with links to more detailed information when it is available. Is that the material you are looking for?

Reply
Solved! Jump to solution

ChrisG
Splunk Employee
Splunk Employee
‎11-21-2014 10:51 AM

Got it. There is some additional information in the topics that follow the one I previously linked, including some field information, but there isn't any comprehensive reference to the log files and fields in the documentation.

0 Karma
Reply
Solved! Jump to solution

feickertmd
Communicator
‎11-21-2014 10:47 AM

Close, but no cigar. It does tell me what logs it covers, but very little about what those logs contain or what their fields represent.

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...