Splunk® Cloud Services

SPL2 Search Manual

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Built-in datasets

The Splunk platform comes with a set of built-in datasets that you can use. For example, there are default datasets for event and metric data, as well as catalog datasets which store metadata about datasets, source types, sources, hosts and other knowledge objects.

The following table describes the built-in datasets:

Built-in datasets Dataset kind Description
main index The default index for events that are ingested into the Splunk platform.
metrics metric The default index for metrics that are ingested into the Splunk platform.
geo.hex lookup Use this lookup dataset to map locations to hexagonal coordinate systems, typically to render on a geographic map.
geo.iplocation lookup Use this lookup dataset to map an IP address to a physical location. Using this dataset in SPL2 is similar to using the iplocation command in SPL.
catalog.* catalog Datasets in the catalog module are always referred to by the module name followed by the dataset name, using the syntax <module-name>.<dataset-name>. Use these datasets to read information in the Metadata Catalog service using SPL2. For example, catalog.datasets is a dataset in the catalog module that contains metadata about all of the datasets known to the Metadata Catalog service.
catalog.metrics catalog This dataset is in the catalog module. Use this dataset to find metadata about the content of any metrics indexes. Searching the catalog.metrics dataset with the SPL2 FROM command is like using the mcatalog command in SPL.
catalog.sourcetypes

catalog.sources
catalog.hosts

splv1source These datasets are in the catalog module. Use these datasets to read metadata about the source types, sources, or hosts found in indexes that you have access to. Searching these datasets in SPL2 is like using the metadata command in SPL.
ingest.events splv1sink This dataset is in the ingest module. Use this dataset to write information to the Splunk Data Stream Processor (DSP) pipelines for ingesting events.
ingest.metrics splv1sink This dataset is in the ingest module. Use this dataset to write information to the Splunk DSP pipelines for ingesting metrics.

See also

Related information
Datasets
Dataset literals
Dataset functions
Last modified on 12 July, 2021
PREVIOUS
Datasets 		  NEXT
Dataset literals

This documentation applies to the following versions of Splunk® Cloud Services: current

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters