Introduction

Splunk default fields

Splunk server adds the following default fields to each event in every index.

Field Name

Description

Values/Range

Anchor

	date_hour
	date_hour

date_hour

Indicates the hour when an event occurred. To narrow your search for specific event timestamps, you can use the default datetime fields. Click here for more information on datetime fields.

Range: 0-23

Anchor

	date_mday
	date_mday

date_mday

Indicates the day of the month when the event occurred

Range: 1-31

Anchor

	date_minute
	date_minute

date_minute

Indicates the exact minute when the event occurred

Range: 0-59

Anchor

	date_month
	date_month

date_month

Indicates the month during which an event occurred

Anchor

	date_second
	date_second

date_second

Indicates the second in which an event occurred

Range: 0-59

Anchor

	date_wday
	date_wday

date_wday

Indicates the day of the week in which an event occurred

Example: Sunday, Monday, etc.

Anchor

	date_year
	date_year

date_year

Indicates the year in which an event occurred

Anchor

	date_zone
	date_zone

date_zone

Indicates the time for the local timezone of an event, expressed as hours in Unix Time

Anchor

	eventtype
	eventtype

eventtype

Indicates events of the same type based on a given search. Click here for more information

Example: splunkd-log

Anchor

	host
	host

host

Contains information about the originating hostname or a network IP address that generates the event

Example: reporting-1.com

Anchor

	index
	index

index

Contains the name of the index with which a given event is indexed

Example: ib_dns_summary

Anchor

	linecount
	linecount

linecount

Contains information about the number of lines in an event before it is indexed

Example: 1

Anchor

	punct
	punct

punct

Contains information about the pattern of the first thirty punctuation characters in the first line of the event with which it is associated. It shows how an event looks when all letters, numbers, and spaces are removed and contains characters such as periods, colons, parentheses, quotes, question marks, dashes, and underscores. Click here for more information.

Wiki Markup
Example: -_::._\[\]:___.../_=

Anchor

	source
	source

source

Contains the name of the file, stream, or other input details from which the event originates

Example: si-search-dns-query-reply

Anchor

	sourcetype
	sourcetype

sourcetype

Specifies the format of data input from which the event originates

Stash

Anchor

	splunk_server
	splunk_server

splunk_server

Contains the name of the Splunk server that comprises the event

Example: reporting-2.com-2-slave

Anchor

	splunk_server_group
	splunk_server_group

splunk_server_group

Contains the name of the Splunk server group

String

Anchor
_Commonly_extracted_fields
_Commonly_extracted_fields
Commonly extracted fields

Field Name

Description

Values/Range

Source of Data

Anchor

	EA
	EA

EA

Specifies the extensible attribute

String

__grouping_by_ea_tag_lookup lookup
from /storage/splunk/etc/apps/infoblox
/lookups/grouping_by_ea_tag_map.csv with
host value as input
OR
pool_ea_lookup_csv lookup from
/storage/splunk/etc/apps/infoblox/
lookups/idns_pools.csv with pool value
as input
OR
resource_pool_ea_lookup_csv lookup
from /storage/splunk/etc/apps/infoblox
/lookups/idns_resources.csv with
RESOURCE value as input
OR
network_ea_lookup_csv lookup
from /storage/splunk/etc/apps
/infoblox/lookups/network.csv
with NETWORK value as input

Anchor

	HWTYPE
	HWTYPE

HWTYPE

Specifies the hardware type

Example: IB-4030

nios_member_hw_lookup lookup from
/storage/splunk/etc/apps/infoblox/
lookups/nios_member_hw.csv with
host value as input

Anchor

	MAX_DB_OBJECTS
	MAX_DB_OBJECTS

MAX_DB_OBJECTS

Specifies the maximum objects in the database for a host

eg: 8000000

nios_member_hw_lookup lookup from
/storage/splunk/etc/apps/infoblox/
lookups/nios_member_hw.csv with
host value as input

Anchor

	MAX_DHCP_LPS
	MAX_DHCP_LPS

MAX_DHCP_LPS

Specifies the maximum number of DHCP leases per second for a host

Example: 15.0

nios_member_hw_lookup lookup from
/storage/splunk/etc/apps/infoblox/
lookups/nios_member_hw.csv with
host value as input

Anchor

	MAX_DNS_QPS
	MAX_DNS_QPS

MAX_DNS_QPS

Specifies the maximum DNS queries per second for a host

Example: 1000000.0

nios_member_hw_lookup lookup from
/storage/splunk/etc/apps/infoblox/
lookups/nios_member_hw.csv with
host value as input

Anchor

	Member_IP
	Member_IP

MEMBER_IP

Specifies the IP address of the member

IP address

nios_member_hw_lookup lookup from
/storage/splunk/etc/apps/infoblox/
lookups/nios_member_ip.csv with
host value as input

Anchor

	timeendpos
	timeendpos

timeendpos

Specifies the byte at which the timestamp ends. These values are based on the TIME_FORMAT that is specified for a sourcetype under props.conf.

Example: 26

Anchor

	timestartpos
	timestartpos

timestartpos

Specifies the byte at which the timestamp starts

Example: 0

...

Extracted Field Name	Description of the field	Reports	Values/Range	Source of Data	Remarks
CLIENT	Specifies the IP address of the DNS client		Example: 10.39.18.60
COUNT	Specifies the count of DNS queries	si_dns_top_clients	Integer
	Specifies the count of SERVFAIL errors that are received for DNS clients	si_top_servfail_received_queries	Integer
	Specifies the count of NXDOMAIN/NOERROR replies for DNS clients	si_top_nxdomain_query	Integer
	Specifies the count of DNS domain name requests	si_dns_requested_domain	Integer
	Specifies the count of DNS queries per second	si_dns_qps_trend	Integer
	Specifies the count of DNS SERVFAIL errors that are sent for DNS queries	si_top_servfail_sent_queries	Integer
	Specifies the count of DNS timed-out recursive queries	si_top_timeout_queries	Integer
	Specifies the average count of DNS RPX hits	si_dns_rpz_hits	Integer
	Specifies the count of DNS clients per domain	si_top_clients_per_domain	Integer
EA	Common Extracted fields
FQDN	Specifies the fully qualified domain name	si_dns_requested_domain and si_top_clients_per_domain	Example: 213.31.102.10.in-addr.arpa
HWTYPE	Common Extracted fields
MAX_DB_OBJECTS	Common Extracted fields
MAX_DHCP_LPS	Common Extracted fields
MAX_DNS_QPS	Common Extracted fields
MEMBER	Specifies the member		String	Infoblox DNS Summary
MEMBER_IP	Common Extracted fields
TLD	Specifies top level domain names	si_dns_requested_domain	Example: arpa
TYPE	Specifies the DNS response type	si_dns_query_reply, si_dns_qps_trend, and si_ddns_update	SUCCESS/NOERROR OR REFERRAL OR NXRRSET OR NXDOMAIN OR REFUSED OR OTHER
VIEW	It refers to the DNS view key to map DNS view through lookup. See display_name field.	si_dns_requested_domain, si_dns_top_clients, si_dns_member_qps_trend_per_hour, si_dns_member_qps_trend_per_day, si_dns_member_qps_trend, si_dns_qps_trend, si_ddns_update, si_dns_cache_hit_ratio, si_dns_rpz_hits, si_top_clients_per_domain, si_top_timeout_queries, si_top_servfail_sent_queries, si_top_nxdomain_query, and si_top_servfail_received_queries	Example: _default
date_hour	Splunk Default field
date_mday	Splunk Default field
date_minute	Splunk Default field
date_month	Splunk Default field
date_second	Splunk Default field
date_wday	Splunk Default field
date_year	Splunk Default field
date_zone	Splunk Default field
display_name	Specifies the DNS view	si_dns_requested_domain, si_dns_top_clients, si_dns_member_qps_trend_per_hour, si_dns_member_qps_trend_per_day, si_dns_member_qps_trend, si_dns_qps_trend, si_ddns_update, si_dns_cache_hit_ratio, si_dns_rpz_hits, si_top_clients_per_domain, si_top_timeout_queries, si_top_servfail_sent_queries, si_top_nxdomain_query, and si_top_servfail_received_queries	Example: default.MS-2016		Lookup from dns_viewkey_displayname.csv using the VIEW field value
eventtype	Splunk Default field
host	Splunk Default field
index	Splunk Default field
info_max_time	Common summary index fields
info_min_time	Common summary index fields
info_search_time	Common summary index fields
linecount	Splunk Default field
orig_host	Specifies the host name of the data source		Example: infoblox.com		Splunk added default field
psrsvd_ct_COUNT	Here, ct = count. It contains the count information for the COUNT field.	si_dns_query_reply and si_dns_qps_trend			Splunk added special field
psrsvd_ct_LATENCY	Contains the count information for the LATENCY field	si_dns_response_latency_trend			Splunk added special field
psrsvd_ct_QCOUNT	Contains the count information for the QCOUNT field	si_dns_member_qps_trend_per_hour, si_dns_member_qps_trend_per_day, and si_dns_member_qps_trend			Splunk added special field
psrsvd_gc	Here, gc = group count. It indicates the count for stats grouping and it is not scoped to a single field.	si_dns_query_reply, si_dns_response_latency_trend, si_dns_member_qps_trend_per_hour, si_dns_member_qps_trend_per_day, si_dns_member_qps_trend, and si_dns_qps_trend			Splunk added special field
psrsvd_nc_COUNT	Here, nc = numerical count. It indicates the number of numerical values and contains the numerical count information for the COUNT field.	si_dns_query_reply and si_dns_qps_trend			Splunk added special field
psrsvd_nc_LATENCY	Contains the numerical count information for the LATENCY field	si_dns_response_latency_trend			Splunk added special field
psrsvd_nc_QCOUNT	Contains the numerical count information for the QCOUNT field	si_dns_member_qps_trend_per_hour, si_dns_member_qps_trend_per_day, and si_dns_member_qps_trend			Splunk added special field
psrsvd_nx_QCOUNT	Here, nx = maximum numerical value. It contains the maximum numerical value information for the QCOUNT field.	si_dns_member_qps_trend_per_hour and si_dns_member_qps_trend_per_day			Splunk added special field
psrsvd_sm_COUNT	Here, sm = sum. It contains the sum information for the COUNT field.	si_dns_query_reply and si_dns_qps_trend			Splunk added special field
psrsvd_sm_LATENCY	Contains the sum information for the LATENCY field.	si_dns_response_latency_trend			Splunk added special field
psrsvd_sm_QCOUNT	Contains the sum information for the QCOUNT field	si_dns_member_qps_trend_per_hour, si_dns_member_qps_trend_per_day, and si_dns_member_qps_trend			Splunk added special field
psrsvd_sx_QCOUNT	Here, sx = maximum lexicographical value. It contains the maximum lexicographical value information for the QCOUNT field	si_dns_member_qps_trend_per_hour and si_dns_member_qps_trend_per_day			Splunk added special field
psrsvd_v	Here, v = version. This is not scoped to a single field.	si_dns_query_reply, si_dns_response_latency_trend, si_dns_member_qps_trend_per_hour, si_dns_member_qps_trend_per_day, si_dns_member_qps_trend, and si_dns_qps_trend			Splunk added special field
psrsvd_vt_COUNT	Here, vt = value type. It contains precision of the associated field. This field contains precision of the COUNT field.	si_dns_query_reply and si_dns_qps_trend			Splunk added special field
psrsvd_vt_LATENCY	Contains precision of the LATENCY field	si_dns_response_latency_trend			Splunk added special field
psrsvd_vt_QCOUNT	Contains precision of the QCOUNT field	si_dns_member_qps_trend_per_hour, si_dns_member_qps_trend_per_day, and si_dns_member_qps_trend			Splunk added special field
report	Contains the name of the report that populates the summary index
	DNS Scavenge Object Count Trend data	si_dns_reclaimed_object_count_trend
	DNS Top Clients report data	si_dns_top_clients
	DNS Replies Trend data	si_dns_query_reply
	DNS Top SERVFAIL Errors Received Report data	si_top_servfail_received_queries
	DNS Response Latency Trend data	si_dns_response_latency_trend
	DNS Daily Peak Hour Query Rate by Member Report data	si_dns_member_qps_trend_per_hour
	DNS Top NXDOMAIN / NOERROR (no data) Report data	si_top_nxdomain_query
	DNS Daily Query Rate by Member Report data	si_dns_member_qps_trend_per_day
	DNS Query Rate by Member Report data	si_dns_member_qps_trend
	DNS Top Requested Domain Names Report data	si_dns_requested_domain
	DNS Queries Per Second Trend data	si_dns_qps_trend
	DNS Top SERVFAIL Errors Sent Report data	si_top_servfail_sent_queries
	DDNS Update Rate Trend data	si_ddns_update
	DNS Cache Hit Rate Trend data	si_dns_cache_hit_ratio
	DNS Top Timed-Out Recursive Queries Report data	si_top_timeout_queries
	DNS RPZ Hits Reports data	si_dns_rpz_hits
	DNS Top Clients per Domain Report data	si_top_clients_per_domain
search_name	Common summary index fields
search_now	Common summary index fields
source	Splunk Default field
sourcetype	Splunk Default field
splunk_server	Splunk Default field
splunk_server_group	Splunk Default field
timeendpos	Common extracted fields
timestartpos	Common extracted fields

Infoblox DHCP Summary

Extracted Field Name	Description of the field	Reports	Values/Range	Source of Data	Remarks
ACTION	Specifies the action		String. Example: Issued	Infoblox DHCP summary
DEVICE_CLASS	Specifies the device class		String. Example: Linux	fingerprint_device_class_lookup lookup from /storage/splunk/etc /apps/infoblox/lookups/fingerprint _device_class_map.csv with FP value as input OR os_number_fingerprint_lookup lookup from /storage/splunk/etc/apps/infoblox /lookups/os_number_fingerprint_device_ class_map.csv with OS_NUMBER value as input
DHCP_RANGE	Specifies the DHCP range		Network range. Example: 10.0.0.1-10.0.0.200	Evaluated from the start_address and end_address field values
EA	Common Extracted fields
FP	Specifies the fingerprint data		String. Example: No Match	Infoblox DHCP summary
HWTYPE	Common Extracted fields
LEASED_IP	Specifies the lease IP address		IP address	Infoblox DHCP summary
MAC_DUID	Specifies the MAC address		MAC address	Infoblox DHCP summary
MAX_DB_OBJECTS	Common Extracted fields
MAX_DHCP_LPS	Common Extracted fields
MAX_DNS_QPS	Common Extracted fields
MEMBER_IP	Common Extracted fields
Protocol	Specifies the DHCP protocol		String. Example: IPV4	Infoblox DHCP summary
SFP	Specifies the SFP		String. Example: Ubuntu/Debian 5/Knoppix 6	os_number_fingerprint_lookup lookup from /storage/splunk/etc/apps/infoblox/ lookups/os_number_fingerprint_device_ class_map.csv with OS_NUMBER value as input
VIEW	It refers to the DNS view key to map the DNS view through lookup. See display_name field		String
date_hour	Splunk Default field
date_mday	Splunk Default field
date_minute	Splunk Default field
date_month	Splunk Default field
date_second	Splunk Default field
date_wday	Splunk Default field
date_year	Splunk Default field
date_zone	Splunk Default field
dhcp_utilization_status	Specifies the DHCP utilization status		String	Infoblox DHCP summary
display_name	Specifies the DNS view		String	DNS view lookup from dns_viewkey_displayname.csv using the View field value
end_address	Specifies the end IP address		IP address	Infoblox DHCP summary
eventtype	Splunk Default field
host	Splunk Default field
index	Splunk Default field
info_max_time	Common summary index fields
info_min_time	Common summary index fields
info_search_time	Common summary index fields
linecount	Splunk Default field
members	Specifies the DHCP member		String. Example: infoblox.localdomain	Infoblox DHCP summary
ms_servers	Specifies the MS servers		IP address	Infoblox DHCP summary
orig_host	Specifies the host name of the data source		Example: infoblox.com		Splunk added default field
psrsvd_ct_FREE_ ADDRESSES	Specifies the count information for FREE_ADDRESSES field	si_dhcp_usage_trend			Splunk added special field
psrsvd_ct_dhcp_utilization	Specifies the count for dhcp_utilization field	si_dhcp_range_utilization _trend			Splunk added special field
psrsvd_ct_dynamic_hosts	Specifies the count for dynamic_hosts field	si_dhcp_usage_trend			Splunk added special field
psrsvd_ct_static_hosts	Specifies the count for static_hosts field	si_dhcp_usage_trend			Splunk added special field
psrsvd_ct_v4ack	Specifies the count for v4ack field	si-search-dhcp-message			Splunk added special field
psrsvd_ct_v4decline	Specifies the count for v4decline field	si-search-dhcp-message			Splunk added special field
psrsvd_ct_v4discover	Specifies the count for v4discover field	si-search-dhcp-message			Splunk added special field
psrsvd_ct_v4inform	Specifies the count for v4inform field	si-search-dhcp-message			Splunk added special field
psrsvd_ct_v4leaseactive	Specifies the count for v4leaseactive field	si-search-dhcp-message			Splunk added special field
psrsvd_ct_v4leasequery	Specifies the count for v4leasequery field	si-search-dhcp-message			Splunk added special field
psrsvd_ct_v4leaseunassigned	Specifies the count for v4leaseunassigned field	si-search-dhcp-message			Splunk added special field
psrsvd_ct_v4leaseunknown	Specifies the count for v4leaseunknown field	si-search-dhcp-message			Splunk added special field
psrsvd_ct_v4nak	Specifies the count for v4nak field	si-search-dhcp-message			Splunk added special field
psrsvd_ct_v4offer	Specifies the count for v4offer field	si-search-dhcp-message			Splunk added special field
psrsvd_ct_v4release	Specifies the count for v4release field	si-search-dhcp-message			Splunk added special field
psrsvd_ct_v4request	Specifies the count for v4request field	si-search-dhcp-message			Splunk added special field
psrsvd_ct_v6advertise	Specifies the count for v6advertise field	si-search-dhcp-message			Splunk added special field
psrsvd_ct_v6confirm	Specifies the count for v6confirm field	si-search-dhcp-message			Splunk added special field
psrsvd_ct_v6decline	Specifies the count for v6decline field	si-search-dhcp-message			Splunk added special field
psrsvd_ct_v6information_ request	Specifies the count for v6information_request field	si-search-dhcp-message			Splunk added special field
psrsvd_ct_v6leasequery	Specifies the count for v6leasequery field	si-search-dhcp-message			Splunk added special field
psrsvd_ct_v6leasequery_ reply	Specifies the count for v6leasequery_reply field	si-search-dhcp-message			Splunk added special field
psrsvd_ct_v6rebind	Specifies the count for v6rebind field	si-search-dhcp-message			Splunk added special field
psrsvd_ct_v6reconfigure	Specifies the count for v6reconfigure field	si-search-dhcp-message			Splunk added special field
psrsvd_ct_v6relay_forward	Specifies the count for v6relay_forward field	si-search-dhcp-message			Splunk added special field
psrsvd_ct_v6relay_reply	Specifies the count for v6relay_reply field	si-search-dhcp-message			Splunk added special field
psrsvd_ct_v6release	Specifies the count for v6release field	si-search-dhcp-message			Splunk added special field
psrsvd_ct_v6renew	Specifies the count for v6renew field	si-search-dhcp-message			Splunk added special field
psrsvd_ct_v6reply	Specifies the count for v6reply field	si-search-dhcp-message			Splunk added special field
psrsvd_ct_v6request	Specifies the count for v6request field	si-search-dhcp-message			Splunk added special field
psrsvd_ct_v6solicit	Specifies the count for v6solicit field	si-search-dhcp-message			Splunk added special field
psrsvd_gc	Here, gc = group count. The count for stats grouping and not scoped to a single field.				Splunk added special field
psrsvd_nc_FREE_ ADDRESSES	Specifies the numerical count for FREE_ADDRESSES field	si_dhcp_usage_trend			Splunk added special field
psrsvd_nc_dhcp_utilization	Specifies the numerical count for dhcp_utilization field	si_dhcp_range_utilization_trend			Splunk added special field
psrsvd_nc_dynamic_hosts	Specifies the numerical count for dynamic_hosts field	si_dhcp_usage_trend			Splunk added special field
psrsvd_nc_static_hosts	Specifies the numerical count for static_hosts field	si_dhcp_usage_trend			Splunk added special field
psrsvd_nc_v4ack	Specifies the numerical count for v4ack field	si-search-dhcp-message			Splunk added special field
psrsvd_nc_v4decline	Specifies the numerical count for v4decline field	si-search-dhcp-message			Splunk added special field
psrsvd_nc_v4discover	Specifies the numerical count for v4discover field	si-search-dhcp-message			Splunk added special field
psrsvd_nc_v4inform	Specifies the numerical count for v4inform field	si-search-dhcp-message			Splunk added special field
psrsvd_nc_v4leaseactive	Specifies the numerical count for v4leaseactive field	si-search-dhcp-message			Splunk added special field
psrsvd_nc_v4leasequery	Specifies the numerical count for v4leasequery field	si-search-dhcp-message			Splunk added special field
psrsvd_nc_v4leaseunassigned	Specifies the numerical count for v4leaseunassigned field	si-search-dhcp-message			Splunk added special field
psrsvd_nc_v4leaseunknown	Specifies the numerical count for v4leaseunknown field	si-search-dhcp-message			Splunk added special field
psrsvd_nc_v4nak	Specifies the numerical count for v4nak field	si-search-dhcp-message			Splunk added special field
psrsvd_nc_v4offer	Specifies the numerical count for v4offer field	si-search-dhcp-message			Splunk added special field
psrsvd_nc_v4release	Specifies the numerical count for

'

v4release

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_nc_v4request	Specifies the numerical count for

'

v4request

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_nc_v6advertise	Specifies the numerical count for v6advertise

''

field	si-search-dhcp-message			Splunk added special field
psrsvd_nc_v6confirm	Specifies the numerical count for

'

v6confirm

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_nc_v6decline	Specifies the numerical count for

'

v6decline

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_nc_v6information_ request	Specifies the numerical count for

'

v6information_request

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_nc_v6leasequery	Specifies the numerical count for

'

v6leasequery

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_nc_v6leasequery_reply	Specifies the numerical count for

'

v6leasequery_reply

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_nc_v6rebind	Specifies the numerical count for

'

v6rebind

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_nc_v6reconfigure	Specifies the numerical count for

'

v6reconfigure

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_nc_v6relay_forward	Specifies the numerical count for

'

v6relay_forward

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_nc_v6relay_reply	Specifies the numerical count for

'

v6relay_reply

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_nc_v6release	Specifies the numerical count for

'

v6release

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_nc_v6renew	Specifies the numerical count for

'

v6renew

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_nc_v6reply	Specifies the numerical count for

'

v6reply

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_nc_v6request	Specifies the numerical count for

'

v6request

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_nc_v6solicit	Specifies the numerical count for

'

v6solicit

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_sm_FREE_ ADDRESSES	Specifies the sum for

'

FREE_ADDRESSES

'

field	si_dhcp_usage_trend		Splunk added special field
psrsvd_sm_dhcp_utilization	Specifies the sum for dhcp_utilization field	si_dhcp_range_utilization_trend		Splunk added special field
psrsvd_sm_dynamic_hosts	Specifies the sum for

'

dynamic_hosts

'

field	si_dhcp_usage_trend			Splunk added special field
psrsvd_sm_static_hosts	Specifies the sum for

'

static_hosts

'

field	si_dhcp_usage_trend			Splunk added special field
psrsvd_sm_v4ack	Specifies the sum for

'

v4ack

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_sm_v4decline	Specifies the sum for

'

v4decline

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_sm_v4discover	Specifies the sum for

'

v4discover

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_sm_v4inform	Specifies the sum for

'

v4inform

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_sm_v4leaseactive	Specifies the sum for

'

v4leaseactive

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_sm_v4leasequery	Specifies the sum for

'

v4leasequery

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_sm_v4leaseunassigned	Specifies the sum for

'

v4leaseunassigned

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_sm_v4leaseunknown	Specifies the sum for

'

v4leaseunknown

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_sm_v4nak	Specifies the sum for

'

v4nak

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_sm_v4offer	Specifies the sum for

'

v4offer

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_sm_v4release	Specifies the sum for

'

v4release

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_sm_v4request	Specifies the sum for

'

v4request

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_sm_v6advertise	Specifies the sum for

'

v6advertise

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_sm_v6confirm	Specifies the sum for

'

v6confirm

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_sm_v6decline	Specifies the sum for

'

v6decline

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_sm_v6information_ request	Specifies the sum for

'

v6information_request

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_sm_v6leasequery	Specifies the sum for

'

v6leasequery

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_sm_v6leasequery_reply	Specifies the sum for

'

v6leasequery_reply

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_sm_v6rebind	Specifies the sum for

'

v6rebind

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_sm_v6reconfigure	Specifies the sum for

'

v6reconfigure

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_sm_v6relay_forward	Specifies the sum for

'

v6relay_forward

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_sm_v6relay_reply	Specifies the sum for

'

v6relay_reply

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_sm_v6release	Specifies

the

th sum for

'

v6release

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_sm_v6renew	Specifies the sum for

'

v6renew

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_sm_v6reply	Specifies the sum for

'

v6reply

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_sm_v6request	Specifies the sum for

'

v6request

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_sm_v6solicit	Specifies the sum for

'

v6solicit

'

field	si-search-dhcp-message		Splunk added special field
psrsvd_v	Here, v = version. This is not scoped to a single field.	si_dhcp_usage_trend, si_dhcp_top_lease_client, si_dhcp_range_utilization_trend, si_dhcp_top_os_by_network, and si-search-dhcp-message		Splunk added special field
psrsvd_vt_FREE_ADDRESSES	Contains precision of the

'

FREE_ADDRESSES

'

field	si_dhcp_usage_trend		Splunk added special field
psrsvd_vt_dhcp_utilization	Contains precision of the dhcp_utilization field	si_dhcp_range_utilization_trend		Splunk added special field
psrsvd_vt_dynamic_hosts	Contains precision of the

'

dynamic_hosts

'

field	si_dhcp_usage_trend			Splunk added special field
psrsvd_vt_static_hosts	Contains precision of the

'

static_hosts

'

field	si_dhcp_usage_trend			Splunk added special field
psrsvd_vt_v4ack	Contains precision of the

'

v4ack

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_vt_v4decline	Contains precision of the

'

v4decline

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_vt_v4discover	Contains precision of the

'

v4discover

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_vt_v4inform	Contains precision of the

'

v4inform

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_vt_v4leaseactive	Contains precision of the

'

v4leaseactive

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_vt_v4leasequery	Contains precision of the

'

v4leasequery

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_vt_v4leaseunassigned	Contains precision of the

'

v4leaseunassigned

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_vt_v4leaseunknown	Contains precision of the

'

v4leaseunkown

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_vt_v4nak	Contains precision of the

'

v4nak

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_vt_v4offer	Contains precision of the

'

v4offer

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_vt_v4release	Contains precision of the

'

v4release

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_vt_v4request	Contains precision of the

'

v4request

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_vt_v6advertise	Contains precision of the

'

v6advertise

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_vt_v6confirm	Contains precision of the

'

v6confirm

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_vt_v6decline	Contains precision of the

'

v6decline

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_vt_v6information_request	Contains precision of the

'

v6information_request

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_vt_v6leasequery	Contains precision of the

'

v6leasequery

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_vt_v6leasequery_reply	Contains precision of the

'

v6leasequery_reply

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_vt_v6rebind	Contains precision of the

'

v6rebind

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_vt_v6reconfigure	Contains precision of the

'

v6reconfigure

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_vt_v6relay_forward	Contains precision of the

'

v6relay_forward

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_vt_v6relay_reply	Contains precision of the

'

v6relay_reply

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_vt_v6release	Contains precision of the

'

v6release

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_vt_v6renew	Contains precision of the

'

v6renew

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_vt_v6reply	Contains precision of the

'

v6reply

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_vt_v6request	Contains precision of the

'

v6request

'

field	si-search-dhcp-message			Splunk added special field
psrsvd_vt_v6solicit	Contains precision of the

'

v6solicit

'

field	si-search-dhcp-message			Splunk added special field
report	Name of the report that is populating the summary index
	DHCP Message Rate Trend data	si-search-dhcp-message
	DHCPv4 Usage Trend data	si_dhcp_usage_trend
	DHCP Top Lease Clients report data	si_dhcp_top_lease_client
	Top Devices Denied an IP Address report data	si_devices_denied_an_ip_address
	DHCPv4 Range Utilization Trend	si_dhcp_range_utilization_trend
	Device and Device Classes reports data	si_dhcp_top_os_by_network
search_name	Common summary index fields
search_now	Common summary index fields
source	Splunk Default field
sourcetype	Splunk Default field
splunk_server	Splunk Default field
splunk_server_group	Splunk Default field
start_address	Specifies the start IP address		IP address	Infoblox DHCP summary
timeendpos	Common extracted fields
timestartpos	Common extracted fields
View	Specifies the network view		String. Example: default	Infoblox DHCP summary

Infoblox DTC Summary

Extracted Field Name	Description of the field	Reports	Values/Range	Source of Data	Remarks
EA	Common Extracted fields
HWTYPE	Common Extracted fields
MAX_DB_OBJECTS	Common Extracted fields
MAX_DHCP_LPS	Common Extracted fields
MAX_DNS_QPS	Common Extracted fields
MEMBER_IP	Common Extracted fields
date_hour	Splunk Default field
date_mday	Splunk Default field
date_minute	Splunk Default field
date_month	Splunk Default field
date_second	Splunk Default field
date_wday	Splunk Default field
date_year	Splunk Default field
date_zone	Splunk Default field
eventtype	Splunk Default field
host	Splunk Default field
index	Splunk Default field
info_max_time	Common summary index fields
info_min_time	Common summary index fields
info_search_time	Common summary index fields
linecount	Splunk Default field
Monitor	Specifies the monitor		String. Example: https	Infoblox DTC summary
orig_host	Specifies the host name of the data source		Example: infoblox.com		Splunk added default field
pool	Specifies the Pool		String. Example: Pool	Infoblox DTC summary
psrsvd_ct_available	Specifies the count information for available field	si_adns_resource_pool_availability and si_smart_dns_resource_availability			Splunk added special field
psrsvd_ct_response_count	Specifies the count information for 'responceresponse_count ' field	si_dtc_response_distribution			Splunk added special field
psrsvd_ct_unavailable	Specifies the count information for ' unavailable ' field	si_adns_resource_pool_availability and si_smart_dns_resource_availability			Splunk added special field
psrscd_ct_value	Specifies the count information for ' value ' field	si_smart_dns_resource_snmp			Splunk added special field
psrsvd_gc	Here, gc = group count. This is the count for stats grouping and it is not scoped to a single field.	si_dtc_response_distribution, si_smart_dns_resource_snmp, si_adns_resource_pool_availability, and si_smart_dns_resource_availability			Splunk added special field
psrsvd_nc_available	Specifies the numerical count information for ' available ' field	si_adns_resource_pool_availability and si_smart_dns_resource_availability			Splunk added special field
psrsvd_nc_response_count	Specifies the numerical count information for ' response_count ' field	si_dtc_response_distribution			Splunk added special field
psrsvd_nc_unavailable	Specifies the numerical count information for ' unavailable ' field	si_adns_resource_pool_availability and si_smart_dns_resource_availability			Splunk added special field
psrsvd_nc_value	Specifies the numerical count information for ' value ' field	si_smart_dns_resource_snmp			Splunk added special field
psrsvd_sm_available	Specifies the sum information for ' available ' field	si_adns_resource_pool_availability and si_smart_dns_resource_availability			Splunk added special field
psrsvd_sm_response_count	Specifies the sum information for ' response_count ' field	si_dtc_response_distribution			Splunk added special field
psrsvd_sm_unavailable	Specifies the sum information for ' unavailable ' field	si_adns_resource_pool_availability and si_smart_dns_resource_availability			Splunk added special field
psrsvd_sm_value	Specifies the sum information for ' value ' field	si_smart_dns_resource_snmp			Splunk added special field
psrsvd_v	Here, v = version. This is not scoped to a single field.	si_dtc_response_distribution, si_smart_dns_resource_snmp, si_adns_resource_pool_availability, and si_smart_dns_resource_availability			Splunk added special field
psrsvd_vt_available	Contains precision of the ' available ' field	si_adns_resource_pool_availability and si_smart_dns_resource_availability			Splunk added special field
psrsvd_vt_response_count	Contains precision of the response_count field	si_dtc_response_distribution			Splunk added special field
psrsvd_vt_unavailable	Contains precision of the unavailable field	si_adns_resource_pool_availability and si_smart_dns_resource_availability			Splunk added special field
psrsvd_vt_value	Contains precision of the value field	si_smart_dns_resource_snmp			Splunk added special field
report	Name of the report that populates the summary index
	DNS Traffic Control Response Distribution Trend data	si_dtc_response_distribution
	DNS Traffic Control Resource Pool Availability reports data	si_adns_resource_pool_availability
	DNS Traffic Control Resource SNMP reports data	si_smart_dns_resource_snmp
	DNS Traffic Control Resource Availability reports data	si_smart_dns_resource_availability
resource	Specifies the resource		String. Example: Server	Infoblox DTC summary
search_name	Common summary index fields
search_now	Common summary index fields
source	Splunk Default field
sourcetype	Splunk Default field
splunk_server	Splunk Default field
splunk_server_group	Splunk Default field
timeendpos	Common extracted fields
timestartpos	Common extracted fields

...

Extracted Field Name	Description of the field	Reports	Values/Range	Source of Data	Remarks
EA	Common Extracted fields
HWTYPE	Common Extracted fields
MAX_DB_OBJECTS	Common Extracted fields
MAX_DHCP_LPS	Common Extracted fields
MAX_DNS_QPS	Common Extracted fields
MEMBER	Specifies the member		String. Example: infoblox.localdomain: inbound	Evaluated from host and sys_report_id field values
MEMBER_IP	Common Extracted fields
date_hour	Splunk Default field
date_mday	Splunk Default field
date_minute	Splunk Default field
date_month	Splunk Default field
date_second	Splunk Default field
date_wday	Splunk Default field
date_year	Splunk Default field
date_zone	Splunk Default field
eventtype	Splunk Default field
host	Splunk Default field
index	Splunk Default field
info_max_time	Common summary index fields
info_min_time	Common summary index fields
info_search_time	Common summary index fields
linecount	Splunk Default field
orig_host	Specifies the host name of the data source		Example: infoblox.com		Splunk added default field
psrsvd_ct_CPU_PERCENT	Specifies the count information for the CPU_PERCENT field	si_cpu_usage			Splunk added special field
psrsvd_ct_MEMORY_PERCENT	Specifies the count information for the MEMORY_PERCENT field	si_memory_utilization			Splunk added special field
psrsvd_ct_TRAF_VALUE	Specifies the count information for TRAF_VALUE field	si_traffic_rate			Splunk added special field
psrsvd_gc	Here, gc = group count. This is the count for a stats " grouping ," and it is not scoped to a single field.	si_memory_utilization, si_traffic_rate, and si_cpu_usage			Splunk added special field
psrsvd_nc_CPU_PERCENT	Specifies the numerical count information for CPU_PERCENT field	si_cpu_usage			Splunk added special field
psrsvd_nc_MEMORY_PERCENT	Specifies the numerical count information for MEMORY_PERCENT field	si_memory_utilization			Splunk added special field
psrsvd_nc_TRAF_VALUE	Specifies the numerical count information for TRAF_VALUE field	si_traffic_rate			Splunk added special field
psrsvd_sm_CPU_PERCENT	Specifies the sum for CPU_PERCENT field	si_cpu_usage			Splunk added special field
psrsvd_sm_MEMORY_PERCENT	Specifies the sum for MEMORY_PERCENT field	si_memory_utilization			Splunk added special field
psrsvd_sm_TRAF_VALUE	Specifies the sum for TRAF_VALUE field	si_traffic_rate			Splunk added special field
psrsvd_v	Here, v = version. This is not scoped to a single field.	si_memory_utilization, si_traffic_rate, and si_cpu_usage			Splunk added special field
psrsvd_vt_CPU_PERCENT	Contains precision of the CPU_PERCENT field	si_cpu_usage			Splunk added special field
psrsvd_vt_MEMORY_PERCENT	Contains precision of the MEMORY_PERCENT field	si_memory_utilization			Splunk added special field
psrsvd_vt_TRAF_VALUE	Contains precision of the TRAF_VALUE field	si_traffic_rate			Splunk added special field
report	Specifies the name of the report that is populating the summary index
	Index Disk Usage Report Data	si_index_disk_usage
	Memory Utilization Trend data	si_memory_utilization
	Traffic Rate by Member report data	si_traffic_rate
	CPU Utilization Trend data	si_cpu_usage
search_name	Common summary index fields
search_now	Common summary index fields
source	Splunk Default field
sourcetype	Splunk Default field
splunk_server	Splunk Default field
splunk_server_group	Splunk Default field
timeendpos	Common extracted fields
timestartpos	Common extracted fields

...

Versions Compared

Old Version 19

New Version 20

Key

Splunk default fields

Anchor
_Commonly_extracted_fields
_Commonly_extracted_fields
Commonly extracted fields

Infoblox DHCP Summary

Infoblox DTC Summary

Page Comparison

Versions Compared

Old Version 19

New Version 20

Key

Splunk default fields

Anchor_Commonly_extracted_fields_Commonly_extracted_fieldsCommonly extracted fields

Infoblox DHCP Summary

Infoblox DTC Summary

Anchor
_Commonly_extracted_fields
_Commonly_extracted_fields
Commonly extracted fields