Splunk® Mission Control

Get Data into Splunk Mission Control

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Where data is stored in Splunk Mission Control

Data added to Splunk Mission Control is accessible in various indexes. Except for the audit index, indexes correspond to labels to control access. See Manage access and permissions for users of Splunk Mission Control for more details about labels and access controls.

The following indexes exist in Splunk Mission Control:

Index name Details
mc_audit Contains audit-related data. See Monitor and audit activities in Splunk Mission Control.
label_<label_key> Contains notable-related data. When you add a label to Splunk Mission Control, an index for that label that corresponds to the label key is created. If you want to search the label index directly, locate the label key on the Labels page in Splunk Mission Control, and transform it according to this example:
Label Name Label Key Label Index
ES Notable es_notable label_es_notable

When searching for data contained in label indexes, don't search the indexes directly. Instead, specify a sourcetype to search specific types of data. This table describes the sourcetypes available:

Sourcetype name Description
notable Contains notables that were added to Splunk Mission Control prior to July 22, 2020.
notable_index Contains notables added to Splunk Mission Control after and including July 22, 2020.

For more details about labels, see Add labels in Splunk Mission Control to restrict access to notables.

Last modified on 29 September, 2021
PREVIOUS
Get data into Splunk Mission Control
  NEXT
Get data into Splunk Mission Control from Splunk Enterprise Security

This documentation applies to the following versions of Splunk® Mission Control: Current


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters