event processing


Event processing covers everything that happens to your data between the time you define an input and the time the data appears in the Splunk index. At index time, Splunk software organizes and structures your data, including processing multiline events, extracting important fields such as the timestamp, and compressing the data.

The Splunk Web data preview tool is available in both Splunk Enterprise and Splunk Cloud Platform. Data preview lets you configure the format of your event data before processing. Use it to see how your processed events will look and make adjustments to improve the formatting of the data.

In Splunk Enterprise, you can configure and customize event processing using configuration files.
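As an added illustration (not taken from the original page or from Splunk's documentation), the following `props.conf` stanza shows index-time settings for multiline event handling and timestamp extraction. The sourcetype name `example:app:auth` and the log format in the comments are assumptions constructed for this example.

```ini
# props.conf (added example; sourcetype name and log layout are assumptions)
#
# Constructed sample events this stanza is written for:
#   2024-05-14 09:21:07.123 +0000 ERROR auth failure user=alice
#       at com.example.Login.check(Login.java:42)
#   2024-05-14 09:21:08.004 +0000 INFO session opened user=bob

[example:app:auth]
# Multiline handling: break only where a newline is followed by a
# timestamp, so indented continuation lines (such as a stack trace)
# stay attached to the event that produced them.
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)(?=\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})

# Timestamp extraction: anchor at the start of the event and bound the
# scan, so a date that appears later in the message body is never
# mistaken for the event time.
TIME_PREFIX = ^
TIME_FORMAT = %Y-%m-%d %H:%M:%S.%3N %z
MAX_TIMESTAMP_LOOKAHEAD = 30

# Upper bound on event length in bytes; longer events are truncated.
TRUNCATE = 10000
```

Check the result in data preview before enabling the input: an event whose timestamp was parsed incorrectly lands at the wrong point on the timeline, which distorts time-bounded searches and correlation.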

After the data is in the index, you can add knowledge to your events, such as fields, tags, and event types.

