Searching In Splunk - Concepts
As you can see in the above screenshot, there are default fields (Host, Source, Sourcetype and Time) which get added after indexing. Let us understand these default fields:
- Host: Host is the hostname or IP address of the machine or appliance the data comes from. In the above screenshot, My-Machine is the host.
- Source: Source is where the host's data comes from. It is the full pathname of a file or directory on that machine. For example: C:\Splunk\emp_data.txt
- Sourcetype: Sourcetype identifies the format of the data, whether it is a log file, XML, CSV or a thread field. It describes the data structure of the event. For example: employee_data
- Index: It is the name of the index where the raw data is stored. If you don't specify anything, it goes into a default index.
- Time: It is a field which displays the time at which the event was generated. It is stored with every event and cannot be changed after indexing. You can rename it or slice it into time spans to change how it is presented. For example: 5/3/20 4:47:40 represents the timestamp of a particular event.
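As an added example (not from the original post), here is how those default fields are assigned at index time for the file mentioned above. The forwarder stanzas, the target index `main`, the host name, and the US-style month/day/year timestamp format are assumptions for illustration.

```ini
# inputs.conf (on the machine that holds the file): the monitor stanza
# decides the source, sourcetype, host and index that every event gets.
[monitor://C:\Splunk\emp_data.txt]
sourcetype = employee_data
index = main
host = My-Machine
disabled = 0

# props.conf (on the indexer or heavy forwarder): tells Splunk where the
# timestamp sits in each line so that _time is set correctly, e.g.
# "5/3/20 4:47:40" at the start of the event.
[employee_data]
SHOULD_LINEMERGE = false
TIME_PREFIX = ^
TIME_FORMAT = %m/%d/%y %H:%M:%S
MAX_TIMESTAMP_LOOKAHEAD = 20
```

After the files are picked up, a search such as `index=main host=My-Machine sourcetype=employee_data | eval when=strftime(_time, "%Y-%m-%d %H:%M:%S") | table when host source sourcetype _raw` shows the stored _time reformatted for display without altering it, and `| timechart span=1h count by host` slices the same events into hourly buckets.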
Reviewed by ohhhvictor on May 08, 2020