Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is there a guide or map to understand Splunk's internal indexes and their log content?

feickertmd
Communicator
‎11-21-2014 10:16 AM

Does there exist some sort of map or guide to understanding Splunk's internal indexes (_internal, _audit, _introspection)? Something like:
_internal
sourcetypes
splunkd
fields
per_user_thruput (description of value data)

I have found and been given a few great examples as well as hacked up some splunk on splunk dashboards, but I would like to know what logs contain what so that we can build some additional auditing reports.

Reply
1 Solution
Solved! Jump to solution
Solution

halr9000
Motivator
‎11-21-2014 01:13 PM

Actually, with version 6.0 some of what you want exists as sample data models included in the Search app. Go to Settings / Data Models, and choose the Search app and you'll see this:

alt text

View solution in original post

Preview file
35 KB
Reply
Solved! Jump to solution
Solution

halr9000
Motivator
‎11-21-2014 01:13 PM

Actually, with version 6.0 some of what you want exists as sample data models included in the Search app. Go to Settings / Data Models, and choose the Search app and you'll see this:

alt text

Preview file
35 KB
Reply
Solved! Jump to solution

feickertmd
Communicator
‎11-24-2014 06:07 AM

A thing of beauty!

0 Karma
Reply
Solved! Jump to solution

ChrisG
Splunk Employee
Splunk Employee
‎11-21-2014 10:38 AM

There is a topic in the Troubleshooting Manual that provides a summary of what Splunk Enterprise logs about itself, with links to more detailed information when it is available. Is that the material you are looking for?

Reply
Solved! Jump to solution

ChrisG
Splunk Employee
Splunk Employee
‎11-21-2014 10:51 AM

Got it. There is some additional information in the topics that follow the one I previously linked, including some field information, but there isn't any comprehensive reference to the log files and fields in the documentation.

0 Karma
Reply
Solved! Jump to solution

feickertmd
Communicator
‎11-21-2014 10:47 AM

Close, but no cigar. It does tell me what logs it covers, but very little about what those logs contain or what their fields represent.

Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...