Topics

Toolbox

Splunk > The IT Search Company

Search and navigate IT data from applications, servers and network devices in real-time.
Download Splunk

Localized Splunk documentation

Looking for Splunk documentation in other languages?

Download manuals in other languages

Documentation | Discussion | View source | History

About events

This documentation does not apply to the most recent version of Splunk.

This documentation applies to the following versions of Splunk: 3.4.10 , 3.4.11 , 3.4.12 , 3.4.13

About events

Events are records of activity within log files, and they are what is primarily indexed by Splunk. They provide information about the systems that have produced these log files. We often refer to the output of the indexing process as "event data."

Here's a sample event:

172.26.34.223 - - [01/Jul/2005:12:05:27 -0700] "GET /trade/app?action=logout HTTP/1.1" 200 2953

When Splunk indexes events, it:

Identifies event timestamps (and applies timestamps to events if they do not exist).
Performs event segmentation.
Recognizes multi-line events and performs linebreaking as appropriate.
Extracts a set of useful standard fields such as host, source, and sourcetype.

In this topic we'll provide brief overviews of these activities and show you where to go for more information about them.

For an overview of the Splunk indexing process, see the "Indexing and event processing" chapter of the Admin manual.

Retrieved from "http://www.splunk.com/base/Documentation/3.4.10/Knowledge/Aboutevents"

Categories: V:3.4.10 | V:3.4.11 | V:3.4.12 | V:3.4.13

Revision: 207 Contact Privacy Policy Terms of Use Community content licensed under Creative Commons