The Locate Data app provides a quick way to see how your events are organized in Splunk. Use Locate Data when you do not know which data sources contain the data that you are interested in, or to see what data your Indexes, Source types, Sources, and Hosts contain. You can leverage the keyword search to locate specific events within your instance or filter by data source. After data is returned, you can expand each entry to see details such as a timeline, sample, and top fields for the given category. Use Locate Data to: * Understand how all of my data is organized in Splunk (running an 'empty' locate search). * Find what index and sourcetypes the events from host 'XYZ' are being written to in Splunk. * Locate where my custom app events are being written to (search the keyword 'custom_app'). Locate Data uses the Splunk tstats command, so results are returned much faster than a traditional search.