Does there exist some sort of map or guide to understanding Splunk's internal indexes (_internal, _audit, _introspection)? Something like:
`peruserthruput (description of value data)`
I have found and been given a few great examples, as well as hacked up some Splunk on Splunk dashboards, but I would like to know what logs contain what so that we can build some additional auditing reports.
There is a topic in the Troubleshooting Manual that provides a summary of what Splunk Enterprise logs about itself, with links to more detailed information when it is available. Is that the material you are looking for?
Close, but no cigar. It does tell me what logs it covers, but very little about what those logs contain or what their fields represent.
Got it. There is some additional information in the topics that follow the one I previously linked, including some field information, but there isn't any comprehensive reference to the log files and fields in the documentation.