Splunk Enterprise is a powerful platform for ingesting, querying, and analyzing data. Custom data streams and static data sets can be consumed and navigated in many ways, which gives users a great deal of flexibility. If you are using Splunk as your web platform for NTerminal data, it is important to first familiarize yourself with some of the basic concepts and SPL logic.
While there are a number of ways that data can be viewed in Splunk, events are perhaps the most important to become familiar with first.
Splunk uses “Events” to organize time-series data. Each event has extracted fields and associated values based on the particular type of data it contains. There are a number of standardized fields, which you can find on the “DATA DISCOVERY” page under the “Important Field Names” section. Importantly, events are categorized by the “indexes” assigned when data is added. These indexes can then be used to filter for the particular data you might be looking for.
You can get further technical help directly within Splunk by using our support chat, or you can try contacting your NTerminal point of contact.