Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Websites that describes about Interesting Fields?

keldridg2
New Member
‎08-16-2019 07:02 AM

Is there a website on Splunk docs that describe about interesting fields and what each field is about? I did research on trying to find what these field names are but still I do not know what they do. Some of the interesting fields I do not understand are RecordNumber and package.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎08-16-2019 08:02 AM

There can be no such Splunk document. Field names and their contents vary wildly depending on the source of the data. To find out what a 'RecordNumber' or a 'package' is you would have to consult the documentation of the product that produced those fields.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎08-16-2019 08:02 AM

There can be no such Splunk document. Field names and their contents vary wildly depending on the source of the data. To find out what a 'RecordNumber' or a 'package' is you would have to consult the documentation of the product that produced those fields.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

keldridg2
New Member
‎08-16-2019 08:12 AM

Basically just look at where the information form that product is coming from in order to make sense of what that field name is about. Sometimes with the documentation I see these fields being used like the other people know what that person means and question how they do know what there purpose of their function.

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎08-16-2019 08:40 AM

Basically, yes. Product documentation is often written for people already familiar with the product (not so much with Spunk) so it helps to find a person with experience using that product to help you make sense of the data.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

keldridg2
New Member
‎08-16-2019 08:50 AM

Thanks for the help.

0 Karma
Reply
Solved! Jump to solution

solarboyz1
Builder
‎08-16-2019 08:00 AM

Interesting fields, are just the other fields extracted from the events.

Information on the fields extracted from an event, if available, would be found in the documentation of the add-on used to extract the fields.

You may need to go back to the documentation of the application/appliance/etc producing the events.

NOTE: Some sourcetype, like weblogs that contain text that gets recognized as key=value pairs. For example a CGI web request :

/en-US/app/search/search?display.general.type=statistics&display.page.search.tab=statistics&display.page.search.mode=fast&dispatch.sample_ratio=1

Splunk by default will extract these key=value pairs, and if enough events contain them, they would show up under interesting fields. Despite the fact that the fields are not actually valid fields for that event.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...

Introduction to Splunk AI

How are you using AI in Splunk? Whether you see AI as a threat or opportunity, AI is here to stay. Lucky for ...