Introduction

Splunk default fields

Splunk server adds the following default fields to each event in every index.

Field Name

Description

Values/Range

Anchor

	date_hour
	date_hour

date_hour

Indicates the hour when an event occurred. To narrow your search for specific event timestamps, you can use the default datetime fields. Click here for more information on datetime fields.

Range: 0-23

Anchor

	date_mday
	date_mday

date_mday

Indicates the day of the month when the event occurred

Range: 1-31

Anchor

	date_minute
	date_minute

date_minute

Indicates the exact minute when the event occurred

Range: 0-59

Anchor

	date_month
	date_month

date_month

Indicates the month during which an event occurred

Anchor

	date_second
	date_second

date_second

Indicates the second in which an event occurred

Range: 0-59

Anchor

	date_wday
	date_wday

date_wday

Indicates the day of the week in which an event occurred

Example: Sunday, Monday, etc.

Anchor

	date_year
	date_year

date_year

Indicates the year in which an event occurred

Anchor

	date_zone
	date_zone

date_zone

Indicates the time for the local timezone of an event, expressed as hours in Unix Time

Anchor

	eventtype
	eventtype

eventtype

Indicates events of the same type based on a given search. Click here for more information

Example: splunkd-log

Anchor

	host
	host

host

Contains information about the originating hostname or a network IP address that generates the event

Example: reporting-1.com

Anchor

	index
	index

index

Contains the name of the index with which a given event is indexed

Example: ib_dns_summary

Anchor

	linecount
	linecount

linecount

Contains information about the number of lines in an event before it is indexed

Example: 1

Anchor

	punct
	punct

punct

Contains information about the pattern of the first thirty punctuation characters in the first line of the event with which it is associated. It shows how an event looks when all letters, numbers, and spaces are removed and contains characters such as periods, colons, parentheses, quotes, question marks, dashes, and underscores. Click here for more information.

Wiki Markup
Example: -_::._\[\]:___.../_=

Anchor

	source
	source

source

Contains the name of the file, stream, or other input details from which the event originates

Example: si-search-dns-query-reply

Anchor

	sourcetype
	sourcetype

sourcetype

Specifies the format of data input from which the event originates

Stash

Anchor

	splunk_server
	splunk_server

splunk_server

Contains the name of the Splunk server that comprises the event

Example: reporting-2.com-2-slave

Anchor

	splunk_server_group
	splunk_server_group

splunk_server_group

Contains the name of the Splunk server group

String

Anchor
_Commonly_extracted_fields
_Commonly_extracted_fields
Commonly extracted fields

Field Name

Description

Values/Range

Source of Data

Anchor

	EA
	EA

EA

Specifies the extensible attribute

String

'__grouping_by_ea_tag_lookup' lookup from /storage/splunk/etc/apps/infoblox/lookups/grouping_by_ea_tag_map.csv with 'host' value as input OR'pool_ea_lookup_csv' lookup from /storage/splunk/etc/apps/infoblox/lookups/idns_pools.csv with 'pool' value as inputOR'input OR resource_pool_ea_lookup_csv' lookup from /storage/splunk/etc/apps/infoblox/lookups/idns_resources.csv with 'RESOURCE' value as inputOR'input OR network_ea_lookup_csv' lookup from /storage/splunk/etc/apps/infoblox/lookups/network.csv with 'NETWORK' value as input

Anchor

	HWTYPE
	HWTYPE

HWTYPE

Specifies the hardware type

Example: IB-4030

nios_member_hw_lookup ' lookup from /storage/splunk/etc/apps/infoblox/lookups/nios_member_hw.csv with 'host' value as input.

Anchor

	MAX_DB_OBJECTS
	MAX_DB_OBJECTS

MAX_DB_OBJECTS

Specifies the maximum objects in the database for a host

'nios_member_hw_lookup' lookup from /storage/splunk/etc/ap. Example: 8000000.

Anchor

	MAX_DHCP_LPS
	MAX_DHCP_LPS

MAX_DHCP_LPS

Specifies the maximum number of DHCP leases per second for a host

Example: 15.0

'nios_member_hw_lookup' lookup from /storage/splunk/etc/apps/infoblox/lookups/nios_member_hw.csv with 'host' value as input.

Anchor

	MAX_DNS_QPS
	MAX_DNS_QPS

MAX_DNS_QPS

Specifies the maximum DNS queries per second for a host

Example: 1000000.0

'nios_member_hw_lookup' lookup from /storage/splunk/etc/apps/infoblox/lookups/nios_member_hw.csv with 'host' value as input.

Anchor

	Member_IP
	Member_IP

MEMBER_IP

Specifies the IP address of the member

IP address

'nios_member_ip_lookup' lookup from /storage/splunk/etc/apps/infoblox/lookups/nios_member_ip.csv with 'host' value as input

Anchor

	timeendpos
	timeendpos

timeendpos

Specifies the byte at which the timestamp ends. These values are based on the TIME_FORMAT that is specified for a sourcetype under props.conf.

Example: 26

Anchor

	timestartpos
	timestartpos

timestartpos

Specifies the byte at which the timestamp starts

Example: 0

...

Extracted Field Name	Description of the field	Values/Range	Source of Data
ACTION	Specifies the action	String. Example: Allocated	Evaluated based on the action field value
EA	Common Extracted fields
HWTYPE	Common Extracted fields
MAX_DB_OBJECTS	Common Extracted fields
MAX_DHCP_LPS	Common Extracted fields
MAX_DNS_QPS	Common Extracted fields
MEMBER_IP	Common Extracted fields
TENANT_NAME	Specifies the name of the tenant associated with the VM	String	tenant_name_lookup lookup from /storage/splunk/etc/apps/infoblox /lookups/tenant_name_lookup.csv with tenant_id value as input
action	Specifies the action count	Integer	Infoblox cloud related dashboards/reports
address	Specifies the IP address	IP address	Infoblox cloud related dashboards/reports
address_type	Specifies the type of address	Integer	Infoblox cloud related dashboards/reports
application_type	Specifies the application type		Infoblox cloud related dashboards/reports
cidr	Specifies the CIDR	Example: 24	Infoblox cloud related dashboards/reports
cnames	Specifies the common name	String	Infoblox cloud related dashboards/reports
date_hour	Splunk Default field
date_mday	Splunk Default field
date_minute	Splunk Default field
date_month	Splunk Default field
date_second	Splunk Default field
date_wday	Splunk Default field
date_year	Splunk Default field
date_zone	Splunk Default field
display_name	Specifies the DNS view	String	DNS view lookup from dns_viewkey_displayname.csv file using the VIEW field value
elastic_address	Specifies the elastic IP address	IP address	Infoblox cloud related dashboards/reports
eventtype	Splunk Default field
Fqdn	Specifies the FQDN	String	Infoblox cloud related dashboards/reports
host	Splunk Default field
index	Splunk Default field
interface_name	Specifies the interface name	String	Infoblox cloud related dashboards/reports
is_primary_ifc	Indicates if primary IFC or not	Example: 0 (not primary)	Infoblox cloud related dashboards/reports
linecount	Splunk Default field
location	Specifies the location		Infoblox cloud related dashboards/reports
mac_address	Specifies the MAC address	Example: 00:11:22:33:44:55	Infoblox cloud related dashboards/reports
mgmt_platform	Specifies management platform	Example: vm132ctest	Infoblox cloud related dashboards/reports
network	Specifies the network address	Example: 10.0.0.0/8	Infoblox cloud related dashboards/reports
network_view	Specifies the network view	Example: default	Infoblox cloud related dashboards/reports
port_id	Specifies the port ID	Integer	Infoblox cloud related dashboards/reports
private_address	Specifies the private address	IP address	Infoblox cloud related dashboards/reports
private_hostname	Specifies the private hostname	String	Infoblox cloud related dashboards/reports
public_address	Specifies the public address	IP address	Infoblox cloud related dashboards/reports
public_hostname	Specifies the public hostname	String	Infoblox cloud related dashboards/reports
punct	Splunk Default field
source	Splunk Default field
sourcetype	Splunk Default field
splunk_server	Splunk Default field
splunk_server_group	Splunk Default field
tenant_id	Specifies the tenant ID	Integer	Infoblox cloud related dashboards/reports
timeendpos	Common extracted fields
timestamp	Indicates the timestamp of the event	Example: 2017-02-04 03:45:53	Infoblox cloud related dashboards/reports
timestartpos	Common extracted fields
view	Specifies the DNS view	String
vlan_id	Specifies the VLAN ID	Integer	Infoblox cloud related dashboards/reports
vm_hostname	Specifies the hostname of the VM	String	Infoblox cloud related dashboards/reports
vm_name	Specifies the name of the VM	Example: 99	Infoblox cloud related dashboards/reports
vm_vpc_address	Specifies the VPC address of the VM	IP address	Infoblox cloud related dashboards/reports
vm_vpc_cidr	Specifies the VPC CIDR of the VM	Example: 24	Infoblox cloud related dashboards/reports
vm_vpc_id	Specifies the VPC ID of the VM	Integer	Infoblox cloud related dashboards/reports
vm_vpc_name	Specifies the VPC name of the VM	Integer	Infoblox cloud related dashboards/reports
vpc_addr	Specifies the VPC address	IP address	Infoblox cloud related dashboards/reports

...

Extracted Field Name	Description of the field	Values/Range	Source of Data
EA	Common Extracted fields
HWTYPE	Common Extracted fields
MAX_DB_OBJECTS	Common Extracted fields
MAX_DHCP_LPS	Common Extracted fields
MAX_DNS_QPS	Common Extracted fields
MEMBER_IP	Common Extracted fields
date_hour	Splunk Default field
date_mday	Splunk Default field
date_minute	Splunk Default field
date_month	Splunk Default field
date_second	Splunk Default field
date_wday	Splunk Default field
date_year	Splunk Default field
date_zone	Splunk Default field
display_name	Specifies the DNS view	String	DNS view lookup from dns_viewkey_displayname.csv file using the View field value
eventtype	Splunk Default field
host	Splunk Default field
index	Splunk Default field
license_count	Specifies the license count	Integer	Reporting license usage
license_pool	Specifies the license pool	String. Example: cloud_api.0	Reporting license usage
linecount	Splunk Default field
punct	Splunk Default field
source	Splunk Default field
sourcetype	Splunk Default field
splunk_server	Splunk Default field
splunk_server_group	Splunk Default field
timeendpos	Common extracted fields
timestamp	Indicates the timestamp	Timestamp	Reporting license usage
timestartpos	Common extracted fields
utilization	Specifies the utilization	Integer	Reporting license usage
view	Specifies the DNS view	String

...

Field Name

Description of the field

Values/Range

Remarks

Anchor

	info_max_time
	info_max_time

info_max_time

The info_* fields are added to each event when you use the addinfo command. This command is primarily an internally-used component of Summary Indexing. Click here for more information.
The latest time boundary for the search.

Integer

Splunk added special field

Anchor

	info_min_time
	info_min_time

info_min_time

Specifies the earliest time boundary for search

Integer

Splunk added special field

Anchor

	info_search_time
	info_search_time

info_search_time

Specifies the time when search was initiated

Integer

Splunk added special field

Anchor

	search_name
	search_name

search_name

Specifies the name of the saved search

Example: si-search-dns-query-reply

Splunk added special field

Anchor

	search_now
	search_now

search_now

Specifies the time when search was scheduled to run

Integer

Splunk added special field

Infoblox DNS Summary

...

Note:
...
psrsvd stands for prestats reserved. Syntax is `psrsvd_[type]_[fieldname]`. These special fields are added by Splunk to summary index data that begins with psrsvd when you initiate search using the si* command to populate a summary index. See List of available psrsvd types from Splunk docs.
Extracted Field Name Description of the field Reports Values/Range Source of Data Remarks
CLIENT Specifies the IP address of the DNS client
Example: 10.39.18.60

COUNT Specifies the count of DNS queries si_dns_top_clients Integer

Specifies the count of SERVFAIL errors that are received for DNS clients si_top_servfail_received_queries Integer

Specifies the count of NXDOMAIN/NOERROR replies for DNS clients si_top_nxdomain_query Integer

Specifies the count of DNS domain name requests si_dns_requested_domain Integer

Specifies the count of DNS queries per second si_dns_qps_trend Integer

Specifies the count of DNS SERVFAIL errors that are sent for DNS queries si_top_servfail_sent_queries Integer

Specifies the count of DNS timed-out recursive queries si_top_timeout_queries Integer

Specifies the average count of DNS RPX hits si_dns_rpz_hits Integer

Specifies the count of DNS clients per domain si_top_clients_per_domain Integer

EA Common Extracted fields

FQDN Specifies the fully qualified domain name si_dns_requested_domain , and
si_top_clients_per_domain Example: 213.31.102.10.in-addr.arpa

HWTYPE Common Extracted fields

MAX_DB_OBJECTS Common Extracted fields

MAX_DHCP_LPS Common Extracted fields

MAX_DNS_QPS Common Extracted fields

MEMBER Specifies the member
String Infoblox DNS Summary
MEMBER_IP Common Extracted fields

TLD Specifies top level domain names si_dns_requested_domain Example: arpa

TYPE Specifies the DNS response type si_dns_query_reply,
si_dns_qps_trend, and
si_ddns_update SUCCESS/NOERROR or
REFERRAL or
NXRRSET or
NXDOMAIN or
REFUSED or
OTHER

VIEW It refers to the DNS view key to map DNS view through lookup. See display_name field. si_dns_requested_domain,
si_dns_top_clients,
si_dns_member_qps_trend_per_hour,
si_dns_member_qps_trend_per_day,
si_dns_member_qps_trend,
si_dns_qps_trend,
si_ddns_update,
si_dns_cache_hit_ratio,
si_dns_rpz_hits,
si_top_clients_per_domain,
si_top_timeout_queries,
si_top_servfail_sent_queries,
si_top_nxdomain_query, and
si_top_servfail_received_queries Example: _default

date_hour Splunk Default field

date_mday Splunk Default field

date_minute Splunk Default field

date_month Splunk Default field

date_second Splunk Default field

date_wday Splunk Default field

date_year Splunk Default field

date_zone Splunk Default field

display_name Specifies the DNS view si_dns_requested_domain,
si_dns_top_clients,
si_dns_member_qps_trend_per_hour,
si_dns_member_qps_trend_per_day,
si_dns_member_qps_trend,
si_dns_qps_trend,
si_ddns_update,
si_dns_cache_hit_ratio,
si_dns_rpz_hits,
si_top_clients_per_domain,
si_top_timeout_queries,
si_top_servfail_sent_queries,
si_top_nxdomain_query, and
si_top_servfail_received_queries Example: default.MS-2016
Lookup from dns_viewkey_displayname.csv
using the VIEW field value
eventtype Splunk Default field

host Splunk Default field

index Splunk Default field

info_max_time Common summary index fields

info_min_time Common summary index fields

info_search_time Common summary index fields

linecount Splunk Default field

orig_host Specifies the host name of the data source
Example: infoblox.com
Splunk added default field
psrsvd_ct_COUNT Here, ct = count.
Contains the count information for the COUNT field. si_dns_query_reply ,and si_dns_qps_trend

Splunk added special field
psrsvd_ct_LATENCY Contains the count information for the LATENCY field si_dns_response_latency_trend

Splunk added special field
psrsvd_ct_QCOUNT Contains the count information for the QCOUNT field
si_dns_member_qps_trend_per_hour,
si_dns_member_qps_trend_per_day,

and si_dns_member_qps_trend

Splunk added special field
psrsvd_gc Here, gc = group count. It indicates the count for stats " grouping " and it is not scoped to a single field.
si_dns_query_reply,
si_dns_response_latency_trend,
si_dns_member_qps_trend_per_hour,
si_dns_member_qps_trend_per_day,
si_dns_member_qps_trend,and
si_dns_qps_trend

Splunk added special field
psrsvd_nc_COUNT Here, nc = numerical count. It indicates the number of numerical values and contains the numerical count information for the COUNTfield. si_dns_query_reply , and
si_dns_qps_trend

Splunk added special field
psrsvd_nc_LATENCY Contains the numerical count information for the LATENCY field si_dns_response_latency_trend

Splunk added special field
psrsvd_nc_QCOUNT Contains the numerical count information for the QCOUNT field
si_dns_member_qps_trend_per_hour,
si_dns_member_qps_trend_per_day,
and si_dns_member_qps_trend

Splunk added special field
psrsvd_nx_QCOUNT Here, nx = maximum numerical value. Contains It contains the maximum numerical value information for the QCOUNT field.
si_dns_member_qps_trend_per_hour, and
si_dns_member_qps_trend_per_day

Splunk added special field
psrsvd_sm_COUNT Here, sm = sum. Contains the sum information for the COUNTfield. si_dns_query_reply ,
and si_dns_qps_trend

Splunk added special field
psrsvd_sm_LATENCY Contains the sum information for the LATENCY field. si_dns_response_latency_trend

Splunk added special field
psrsvd_sm_QCOUNT Contains the sum information for the QCOUNT field
si_dns_member_qps_trend_per_hour,
si_dns_member_qps_trend_per_day,
and si_dns_member_qps_trend

Splunk added special field
psrsvd_sx_QCOUNT Here, sx = maximum lexicographical value.
Contains the maximum lexicographical value information for the QCOUNT field si_dns_member_qps_trend_per_hour, si_dns_member_qps_trend_per_day

Splunk added special field
psrsvd_v Here, v = versioversion. This is not scoped to a single field.
si_dns_query_reply,
si_dns_response_latency_trend,
si_dns_member_qps_trend_per_hour,
si_dns_member_qps_trend_per_day,
si_dns_member_qps_trend,and
si_dns_qps_trend

Splunk added special field
psrsvd_vt_COUNT Here, vt = value type. Contains It contains precision of the associated field.
This field contains precision of the COUNTfield. si_dns_query_reply , and
si_dns_qps_trend

Splunk added special field
psrsvd_vt_LATENCY Contains precision of the LATENCY field si_dns_response_latency_trend

Splunk added special field
psrsvd_vt_QCOUNT Contains precision of the QCOUNT field
si_dns_member_qps_trend_per_hour,
si_dns_member_qps_trend_per_day,
and si_dns_member_qps_trend

Splunk added special field
report Contains the name of the report that populates the summary index

DNS Scavenge Object Count Trend data si_dns_reclaimed_object_count_trend

DNS Top Clients report data si_dns_top_clients

DNS Replies Trend data si_dns_query_reply

DNS Top SERVFAIL Errors Received Report data si_top_servfail_received_queries

DNS Response Latency Trend data si_dns_response_latency_trend

DNS Daily Peak Hour Query Rate by Member Report data si_dns_member_qps_trend_per_hour

DNS Top NXDOMAIN / NOERROR (no data) Report data si_top_nxdomain_query

DNS Daily Query Rate by Member Report data si_dns_member_qps_trend_per_day

DNS Query Rate by Member Report data si_dns_member_qps_trend

DNS Top Requested Domain Names Report data si_dns_requested_domain

DNS Queries Per Second Trend data si_dns_qps_trend

DNS Top SERVFAIL Errors Sent Report data si_top_servfail_sent_queries

DDNS Update Rate Trend data si_ddns_update

DNS Cache Hit Rate Trend data si_dns_cache_hit_ratio

DNS Top Timed-Out Recursive Queries Report data si_top_timeout_queries

DNS RPZ Hits Reports data si_dns_rpz_hits

DNS Top Clients per Domain Report data si_top_clients_per_domain

search_name Common summary index fields

search_now Common summary index fields

source Splunk Default field

sourcetype Splunk Default field

splunk_server Splunk Default field

splunk_server_group Splunk Default field

timeendpos Common extracted fields

timestartpos Common extracted fields

...
Extracted Field Name Description of the field Reports Values/Range Source of Data Remarks
ACTION Specifies the action
String. Example: Issued Infoblox DHCP summary
DEVICE_CLASS Specifies the device class
String. Example: Linux
fingerprint_device_class_lookup lookup from
/storage/splunk/etc/apps/infoblox/lookups/
fingerprint_device_class_map.csv with FP value
as input.
OR
os_number_fingerprint_lookup lookup from
/storage/splunk/etc/apps/infoblox/lookups
/os_number_fingerprint_device_class_map.csv
with OS_NUMBER value as input

DHCP_RANGE Specifies the DHCP range
Network range. Example: 10.0.0.1-10.0.0.200
Evaluated from the start_address
and end_address field values

EA Common Extracted fields

FP Specifies the fingerprint data
String. Example: No Match Infoblox DHCP summary
HWTYPE Common Extracted fields

LEASED_IP Specifies the lease IP address
IP address Infoblox DHCP summary
MAC_DUID Specifies the MAC address
MAC address Infoblox DHCP summary
MAX_DB_OBJECTS Common Extracted fields

MAX_DHCP_LPS Common Extracted fields

MAX_DNS_QPS Common Extracted fields

MEMBER_IP Common Extracted fields

Protocol Specifies the DHCP protocol
String. Example: IPV4 Infoblox DHCP summary
SFP Specifies the SFP
String. Example: Ubuntu/Debian 5/Knoppix 6
os_number_fingerprint_lookup lookup from
/storage/splunk/etc/apps/infoblox/lookups/
os_number_fingerprint_device_class_map.csv
with OS_NUMBER value as input

VIEW It refers to the DNS view key to map the DNS view through lookup. See display_name field
String

date_hour Splunk Default field

date_mday Splunk Default field

date_minute Splunk Default field

date_month Splunk Default field

date_second Splunk Default field

date_wday Splunk Default field

date_year Splunk Default field

date_zone Splunk Default field

dhcp_utilization_status Specifies the DHCP utilization status
String Infoblox DHCP summary
display_name Specifies the DNS view
String
DNS View Lookup from
dns_viewkey_displayname.csv
using the View field value

end_address Specifies the end IP address
IP address Infoblox DHCP summary
eventtype Splunk Default field

host Splunk Default field

index Splunk Default field

info_max_time Common summary index fields

info_min_time Common summary index fields

info_search_time Common summary index fields

linecount Splunk Default field

members Specifies the DHCP member
String. Example: infoblox.localdomain Infoblox DHCP summary
ms_servers Specifies the MS servers
IP address Infoblox DHCP summary
orig_host Specifies the host name of the data source
Example: infoblox.com
Splunk added default field
psrsvd_ct_FREE_ADDRESSES Specifies the count information for FREE_ADDRESSES field si_dhcp_usage_trend

Splunk added special field
psrsvd_ct_dhcp_utilization Specifies the count for dhcp_utilization field si_dhcp_range_utilization_trend

Splunk added special field
psrsvd_ct_dynamic_hosts Specifies the count for dynamic_hosts field si_dhcp_usage_trend

Splunk added special field
psrsvd_ct_static_hosts Specifies the count for static_hosts field si_dhcp_usage_trend

Splunk added special field
psrsvd_ct_v4ack Specifies the count for v4ack field si-search-dhcp-message

Splunk added special field
psrsvd_ct_v4decline Specifies the count for v4decline field si-search-dhcp-message

Splunk added special field
psrsvd_ct_v4discover Specifies the count for v4discover field si-search-dhcp-message

Splunk added special field
psrsvd_ct_v4inform Specifies the count for v4inform field si-search-dhcp-message

Splunk added special field
psrsvd_ct_v4leaseactive Specifies the count for v4leaseactive field si-search-dhcp-message

Splunk added special field
psrsvd_ct_v4leasequery Specifies the count for v4leasequery field si-search-dhcp-message

Splunk added special field
psrsvd_ct_v4leaseunassigned Specifies the count for v4leaseunassigned field si-search-dhcp-message

Splunk added special field
psrsvd_ct_v4leaseunknown Specifies the count for v4leaseunknown field si-search-dhcp-message

Splunk added special field
psrsvd_ct_v4nak Specifies the count for
v4nak field si-search-dhcp-message

Splunk added special field
psrsvd_ct_v4offer Specifies the count for v4offer field si-search-dhcp-message

Splunk added special field
psrsvd_ct_v4release Specifies the count for v4release field si-search-dhcp-message

Splunk added special field
psrsvd_ct_v4request Specifies the count for v4request field si-search-dhcp-message

Splunk added special field
psrsvd_ct_v6advertise Specifies the count for v6advertise field si-search-dhcp-message

Splunk added special field
psrsvd_ct_v6confirm Specifies the count for v6confirm field si-search-dhcp-message

Splunk added special field
psrsvd_ct_v6decline Specifies the count for v6decline field si-search-dhcp-message

Splunk added special field
psrsvd_ct_v6information_request Specifies the count for v6information_request field si-search-dhcp-message

Splunk added special field
psrsvd_ct_v6leasequery Specifies the count for v6leasequery field si-search-dhcp-message

Splunk added special field
psrsvd_ct_v6leasequery_reply Specifies the count for v6leasequery_reply field si-search-dhcp-message

Splunk added special field
psrsvd_ct_v6rebind Specifies the count for v6rebind field si-search-dhcp-message

Splunk added special field
psrsvd_ct_v6reconfigure Specifies the count for v6reconfigure field si-search-dhcp-message

Splunk added special field
psrsvd_ct_v6relay_forward Specifies the count for v6relay_forward field si-search-dhcp-message

Splunk added special field
psrsvd_ct_v6relay_reply Specifies the count for v6relay_reply field si-search-dhcp-message

Splunk added special field
psrsvd_ct_v6release Specifies the count for v6release field si-search-dhcp-message

Splunk added special field
psrsvd_ct_v6renew Specifies the count for v6renew field si-search-dhcp-message

Splunk added special field
psrsvd_ct_v6reply Specifies the count for v6reply field si-search-dhcp-message

Splunk added special field
psrsvd_ct_v6request Specifies the count for v6request field si-search-dhcp-message

Splunk added special field
psrsvd_ct_v6solicit Specifies the count for v6solicit field si-search-dhcp-message

Splunk added special field
psrsvd_gc Here, gc = group count. The count for stats grouping and not scoped to a single field.
si_dhcp_usage_trend, si_dhcp_top_lease_client,
si_dhcp_range_utilization_trend,
si_dhcp_top_os_by_network,
si-search-dhcp-message

Splunk added special field
psrsvd_nc_FREE_ADDRESSES Specifies the numerical count for FREE_ADDRESSES field si_dhcp_usage_trend

Splunk added special field
psrsvd_nc_dhcp_utilization Specifies the numerical count for dhcp_utilization field si_dhcp_range_utilization_trend

Splunk added special field
psrsvd_nc_dynamic_hosts Specifies the numerical count for dynamic_hosts field si_dhcp_usage_trend

Splunk added special field
psrsvd_nc_static_hosts Specifies the numerical count for static_hosts field si_dhcp_usage_trend

Splunk added special field
psrsvd_nc_v4ack Specifies the numerical count for v4ack field si-search-dhcp-message

Splunk added special field
psrsvd_nc_v4decline Specifies the numerical count for v4decline field si-search-dhcp-message

Splunk added special field
psrsvd_nc_v4discover Specifies the numerical count for v4discover field si-search-dhcp-message

Splunk added special field
psrsvd_nc_v4inform Specifies the numerical count for v4inform field si-search-dhcp-message

Splunk added special field
psrsvd_nc_v4leaseactive Specifies the numerical count for v4leaseactive field si-search-dhcp-message

Splunk added special field
psrsvd_nc_v4leasequery Specifies the numerical count for v4leasequery field si-search-dhcp-message

Splunk added special field
psrsvd_nc_v4leaseunassigned Specifies the numerical count for v4leaseunassigned field si-search-dhcp-message

Splunk added special field
psrsvd_nc_v4leaseunknown Specifies the numerical count for v4leaseunknown field si-search-dhcp-message

Splunk added special field
psrsvd_nc_v4nak Specifies the numerical count for v4nak field si-search-dhcp-message

Splunk added special field
psrsvd_nc_v4offer Specifies the numerical count for 'v4offer' field si-search-dhcp-message

Splunk added special field
psrsvd_nc_v4release Specifies the numerical count for ' v4release' field si-search-dhcp-message

Splunk added special field
psrsvd_nc_v4request Specifies the numerical count for 'v4request' field si-search-dhcp-message

Splunk added special field
psrsvd_nc_v6advertise Specifies the numerical count for v6advertise'' field si-search-dhcp-message

Splunk added special field
psrsvd_nc_v6confirm Specifies the numerical count for 'v6confirm' field si-search-dhcp-message

Splunk added special field
psrsvd_nc_v6decline Specifies the numerical count for 'v6decline' field si-search-dhcp-message

Splunk added special field
psrsvd_nc_v6information_request Specifies the numerical count for 'v6information_request' fieldsi field si-search-dhcp-message

Splunk added special field
psrsvd_nc_v6leasequery Specifies the numerical count for 'v6leasequery ' field si-search-dhcp-message

Splunk added special field
psrsvd_nc_v6leasequery_reply Specifies the numerical count for 'v6leasequery_reply' field si-search-dhcp-message

Splunk added special field
psrsvd_nc_v6rebind Specifies the numerical count for ' v6rebind ' field si-search-dhcp-message

Splunk added special field
psrsvd_nc_v6reconfigure Specifies the numerical count for 'v6reconfigure ' field si-search-dhcp-message

Splunk added special field
psrsvd_nc_v6relay_forward Specifies the numerical count for ' v6relay_forward ' field si-search-dhcp-message

Splunk added special field
psrsvd_nc_v6relay_reply Specifies the numerical count for ' v6relay_reply ' field si-search-dhcp-message

Splunk added special field
psrsvd_nc_v6release Specifies the numerical count for ' v6release ' field si-search-dhcp-message

Splunk added special field
psrsvd_nc_v6renew Specifies the numerical count for ' v6renew ' field si-search-dhcp-message

Splunk added special field
psrsvd_nc_v6reply Specifies the numerical count for ' v6reply ' field si-search-dhcp-message

Splunk added special field
psrsvd_nc_v6request Specifies the numerical count for ' v6request ' field si-search-dhcp-message

Splunk added special field
psrsvd_nc_v6solicit Specifies the numerical count for ' v6solicit ' field si-search-dhcp-message

Splunk added special field
psrsvd_sm_FREE_ADDRESSES Specifies the sum for ' FREE_ADDRESSES ' field si_dhcp_usage_trend

Splunk added special field
psrsvd_sm_dhcp_utilization Specifies the sum for dhcp_utilization field si_dhcp_range_utilization_trend

Splunk added special field
psrsvd_sm_dynamic_hosts Specifies the sum for ' dynamic_hosts ' field si_dhcp_usage_trend

Splunk added special field
psrsvd_sm_static_hosts Specifies the sum for ' static_hosts ' field si_dhcp_usage_trend

Splunk added special field
psrsvd_sm_v4ack Specifies the sum for ' v4ack ' field si-search-dhcp-message

Splunk added special field
psrsvd_sm_v4decline Specifies the sum for ' v4decline ' field si-search-dhcp-message

Splunk added special field
psrsvd_sm_v4discover Specifies the sum for ' v4discover ' field si-search-dhcp-message

Splunk added special field
psrsvd_sm_v4inform Specifies the sum for ' v4inform ' field si-search-dhcp-message

Splunk added special field
psrsvd_sm_v4leaseactive Specifies the sum for ' v4leaseactive ' field si-search-dhcp-message

Splunk added special field
psrsvd_sm_v4leasequery Specifies the sum for ' v4leasequery ' field si-search-dhcp-message

Splunk added special field
psrsvd_sm_v4leaseunassigned Specifies the sum for ' v4leaseunassigned ' field si-search-dhcp-message

Splunk added special field
psrsvd_sm_v4leaseunknown Specifies the sum for ' v4leaseunknown ' field si-search-dhcp-message

Splunk added special field
psrsvd_sm_v4nak Specifies the sum for ' v4nak ' field si-search-dhcp-message

Splunk added special field
psrsvd_sm_v4offer Specifies the sum for ' v4offer ' field si-search-dhcp-message

Splunk added special field
psrsvd_sm_v4release Specifies the sum for ' v4release ' field si-search-dhcp-message

Splunk added special field
psrsvd_sm_v4request Specifies the sum for ' v4request ' field si-search-dhcp-message

Splunk added special field
psrsvd_sm_v6advertise Specifies the sum for ' v6advertise ' field si-search-dhcp-message

Splunk added special field
psrsvd_sm_v6confirm Specifies the sum for ' v6confirm ' field si-search-dhcp-message

Splunk added special field
psrsvd_sm_v6decline Specifies the sum for ' v6decline ' field si-search-dhcp-message

Splunk added special field
psrsvd_sm_v6information_request Specifies the sum for ' v6information_request ' field si-search-dhcp-message

Splunk added special field
psrsvd_sm_v6leasequery Specifies the sum for ' v6leasequery ' field si-search-dhcp-message

Splunk added special field
psrsvd_sm_v6leasequery_reply Specifies the sum for ' v6leasequery_reply ' field si-search-dhcp-message

Splunk added special field
psrsvd_sm_v6rebind Specifies the sum for ' v6rebind ' field si-search-dhcp-message

Splunk added special field
psrsvd_sm_v6reconfigure Specifies the sum for ' v6reconfigure ' field si-search-dhcp-message

Splunk added special field
psrsvd_sm_v6relay_forward Specifies the sum for ' v6relay_forward ' field si-search-dhcp-message

Splunk added special field
psrsvd_sm_v6relay_reply Specifies the sum for ' v6relay_reply ' field si-search-dhcp-message

Splunk added special field
psrsvd_sm_v6release Specifies the sum for ' v6release ' field si-search-dhcp-message

Splunk added special field
psrsvd_sm_v6renew Specifies the sum for ' v6renew ' field si-search-dhcp-message

Splunk added special field
psrsvd_sm_v6reply Specifies the sum for ' v6reply ' field si-search-dhcp-message

Splunk added special field
psrsvd_sm_v6request Specifies the sum for ' v6request ' field si-search-dhcp-message

Splunk added special field
psrsvd_sm_v6solicit Specifies the sum for ' v6solicit ' field si-search-dhcp-message

Splunk added special field
psrsvd_v Here, v = version. This is not scoped to a single field.
si_dhcp_usage_trend,
si_dhcp_top_lease_client, si_dhcp_range_utilization_trend,
si_dhcp_top_os_by_network,
si-search-dhcp-message

Splunk added special field
psrsvd_vt_FREE_ADDRESSES Contains precision of the ' FREE_ADDRESSES ' field si_dhcp_usage_trend

Splunk added special field
psrsvd_vt_dhcp_utilization Contains precision of the dhcp_utilization field si_dhcp_range_utilization_trend

Splunk added special field
psrsvd_vt_dynamic_hosts Contains precision of the ' dynamic_hosts ' field si_dhcp_usage_trend

Splunk added special field
psrsvd_vt_static_hosts Contains precision of the ' static_hosts ' field si_dhcp_usage_trend

Splunk added special field
psrsvd_vt_v4ack Contains precision of the ' v4ack ' field si-search-dhcp-message

Splunk added special field
psrsvd_vt_v4decline Contains precision of the ' v4decline ' field si-search-dhcp-message

Splunk added special field
psrsvd_vt_v4discover Contains precision of the ' v4discover ' field si-search-dhcp-message

Splunk added special field
psrsvd_vt_v4inform Contains precision of the ' v4inform ' field si-search-dhcp-message

Splunk added special field
psrsvd_vt_v4leaseactive Contains precision of the ' v4leaseactive ' field si-search-dhcp-message

Splunk added special field
psrsvd_vt_v4leasequery Contains precision of the ' v4leasequery ' field si-search-dhcp-message

Splunk added special field
psrsvd_vt_v4leaseunassigned Contains precision of the ' v4leaseunassigned ' field si-search-dhcp-message

Splunk added special field
psrsvd_vt_v4leaseunknown Contains precision of the ' v4leaseunkown ' field si-search-dhcp-message

Splunk added special field
psrsvd_vt_v4nak Contains precision of the ' v4nak ' field si-search-dhcp-message

Splunk added special field
psrsvd_vt_v4offer Contains precision of the ' v4offer ' field si-search-dhcp-message

Splunk added special field
psrsvd_vt_v4release Contains precision of the ' v4release ' field si-search-dhcp-message

Splunk added special field
psrsvd_vt_v4request Contains precision of the ' v4request ' field si-search-dhcp-message

Splunk added special field
psrsvd_vt_v6advertise Contains precision of the ' v6advertise ' field si-search-dhcp-message

Splunk added special field
psrsvd_vt_v6confirm Contains precision of the ' v6confirm ' field si-search-dhcp-message

Splunk added special field
psrsvd_vt_v6decline Contains precision of the ' v6decline ' field si-search-dhcp-message

Splunk added special field
psrsvd_vt_v6information_request Contains precision of the ' v6information_request ' field si-search-dhcp-message

Splunk added special field
psrsvd_vt_v6leasequery Contains precision of the ' v6leasequery ' field si-search-dhcp-message

Splunk added special field
psrsvd_vt_v6leasequery_reply Contains precision of the ' v6leasequery_reply ' field si-search-dhcp-message

Splunk added special field
psrsvd_vt_v6rebind Contains precision of the ' v6rebind ' field si-search-dhcp-message

Splunk added special field
psrsvd_vt_v6reconfigure Contains precision of the ' v6reconfigure ' field si-search-dhcp-message

Splunk added special field
psrsvd_vt_v6relay_forward Contains precision of the ' v6relay_forward ' field si-search-dhcp-message

Splunk added special field
psrsvd_vt_v6relay_reply Contains precision of the ' v6relay_reply ' field si-search-dhcp-message

Splunk added special field
psrsvd_vt_v6release Contains precision of the ' v6release ' field si-search-dhcp-message

Splunk added special field
psrsvd_vt_v6renew Contains precision of the ' v6renew ' field si-search-dhcp-message

Splunk added special field
psrsvd_vt_v6reply Contains precision of the ' v6reply ' field si-search-dhcp-message

Splunk added special field
psrsvd_vt_v6request Contains precision of the ' v6request ' field si-search-dhcp-message

Splunk added special field
psrsvd_vt_v6solicit Contains precision of the ' v6solicit ' field si-search-dhcp-message

Splunk added special field
report Name of the report that is populating the summary index

DHCP Message Rate Trend data si-search-dhcp-message

DHCPv4 Usage Trend data si_dhcp_usage_trend

DHCP Top Lease Clients report data si_dhcp_top_lease_client

Top Devices Denied an IP Address report data si_devices_denied_an_ip_address

DHCPv4 Range Utilization Trend si_dhcp_range_utilization_trend

Device and Device Classes reports data si_dhcp_top_os_by_network

search_name Common summary index fields

search_now Common summary index fields

source Splunk Default field

sourcetype Splunk Default field

splunk_server Splunk Default field

splunk_server_group Splunk Default field

start_address Specifies the start IP address
IP address Infoblox DHCP summary
timeendpos Common extracted fields

timestartpos Common extracted fields

View Specifies the network view
String. Example: default Infoblox DHCP summary

Infoblox DTC Summary

Extracted Field Name	Description of the field	Reports	Values/Range	Source of Data	Remarks
EA	Common Extracted fields
HWTYPE	Common Extracted fields
MAX_DB_OBJECTS	Common Extracted fields
MAX_DHCP_LPS	Common Extracted fields
MAX_DNS_QPS	Common Extracted fields
MEMBER_IP	Common Extracted fields
date_hour	Splunk Default field
date_mday	Splunk Default field
date_minute	Splunk Default field
date_month	Splunk Default field
date_second	Splunk Default field
date_wday	Splunk Default field
date_year	Splunk Default field
date_zone	Splunk Default field
eventtype	Splunk Default field
host	Splunk Default field
index	Splunk Default field
info_max_time	Common summary index fields
info_min_time	Common summary index fields
info_search_time	Common summary index fields
linecount	Splunk Default field
Monitor	Specifies the monitor		String. Example: https	Infoblox DTC summary
orig_host	Specifies the host name of the data source		Example: infoblox.com		Splunk added default field
pool	Specifies the Pool		String. Example: Pool	Infoblox DTC summary
psrsvd_ct_available	Specifies the count information for available field	si_adns_resource_pool_

availabilitysi

availability and si_smart_dns_resource_availability			Splunk added special field
psrsvd_ct_response_count	Specifies the count information for

'responce

response_count

'

field	si_dtc_response_distribution			Splunk added special field
psrsvd_ct_unavailable	Specifies the count information for

'

unavailable

'

field

si_adns_resource_pool_

availabilitysi

availability and si_smart_dns_resource_availability			Splunk added special field
psrscd_ct_value	Specifies the count information for

'

value

'

field	si_smart_dns_resource_snmp			Splunk added special field
psrsvd_gc	Here, gc = group count. This is the count for stats "grouping" and not scoped to a single field.	si_dtc_response_

distributionsi

distribution,
si_smart_dns_resource_

snmpsi

snmp,
si_adns_resource_pool_

availabilitysi

availability, and si_smart_dns_resource_availability			Splunk added special field
psrsvd_nc_available	Specifies the numerical count information for

'

available

'

field

si_adns_resource_pool_

availabilitysi

availability and si_smart_dns_resource_availability			Splunk added special field
psrsvd_nc_response_count	Specifies the numerical count information for

'

response_count

'

field	si_dtc_response_distribution			Splunk added special field
psrsvd_nc_unavailable	Specifies the numerical count information for

'

unavailable

'

field

si_adns_resource_pool_

availabilitysi

availability and si_smart_dns_resource_availability			Splunk added special field
psrsvd_nc_value	Specifies the numerical count information for

'

value

'

field	si_smart_dns_resource_snmp			Splunk added special field
psrsvd_sm_available	Specifies the sum information for

'

available

'

field

si_adns_resource_pool_

availabilitysi

availability and si_smart_dns_resource_availability			Splunk added special field
psrsvd_sm_response_count	Specifies the sum information for

'

response_count

'

field	si_dtc_response_distribution			Splunk added special field
psrsvd_sm_unavailable	Specifies the sum information for

'

unavailable

'

field

si_adns_resource_pool_

availabilitysi

availability and si_smart_dns_resource_availability			Splunk added special field
psrsvd_sm_value	Specifies the sum information for

'

value

'

field	si_smart_dns_resource_snmp			Splunk added special field
psrsvd_v	Here, v = version. This is not scoped to a single field.	si_dtc_response_

distributionsi

distribution,
si_smart_dns_resource_

snmpsi

snmp,
si_adns_resource_pool_

availabilitysi

availability,and si_smart_dns_resource_availability			Splunk added special field
psrsvd_vt_available	Contains precision of the

'

available

'

field

si_adns_resource_pool_

availabilitysi

availability and si_smart_dns_resource_availability			Splunk added special field
psrsvd_vt_response_count	Contains precision of the response_count

Anchor_GoBack_GoBack

field	si_dtc_response_distribution			Splunk added special field
psrsvd_vt_unavailable	Contains precision of the unavailable field	si_adns_resource_pool_

availabilitysi

availability and si_smart_dns_resource_availability			Splunk added special field
psrsvd_vt_value	Contains precision of the value field	si_smart_dns_resource_snmp			Splunk added special field
report	Name of the report that populates the summary index
	DNS Traffic Control Response Distribution Trend data	si_dtc_response_distribution
	DNS Traffic Control Resource Pool Availability reports data	si_adns_resource_pool_availability
	DNS Traffic Control Resource SNMP reports data	si_smart_dns_resource_snmp
	DNS Traffic Control Resource Availability reports data	si_smart_dns_resource_availability
resource	Specifies the resource		String. Example: Server	Infoblox DTC summary
search_name	Common summary index fields
search_now	Common summary index fields
source	Splunk Default field
sourcetype	Splunk Default field
splunk_server	Splunk Default field
splunk_server_group	Splunk Default field
timeendpos	Common extracted fields
timestartpos	Common extracted fields

Infoblox System Summary

Extracted Field Name	Description of the field	Reports	Values/Range	Source of Data	Remarks
EA	Common Extracted fields
HWTYPE	Common Extracted fields
MAX_DB_OBJECTS	Common Extracted fields
MAX_DHCP_LPS	Common Extracted fields
MAX_DNS_QPS	Common Extracted fields
MEMBER	Specifies the member		String. Example: infoblox.localdomain: inbound	Evaluated from 'the host ' and 'sys_report_id' field values
MEMBER_IP	Common Extracted fields
date_hour	Splunk Default field
date_mday	Splunk Default field
date_minute	Splunk Default field
date_month	Splunk Default field
date_second	Splunk Default field
date_wday	Splunk Default field
date_year	Splunk Default field
date_zone	Splunk Default field
eventtype	Splunk Default field
host	Splunk Default field
index	Splunk Default field
info_max_time	Common summary index fields
info_min_time	Common summary index fields
info_search_time	Common summary index fields
linecount	Splunk Default field
orig_host	Specifies the host name of the data source		Example: infoblox.com		Splunk added default field
psrsvd_ct_CPU_PERCENT	Specifies the count information for the CPU_PERCENT field	si_cpu_usage			Splunk added special field
psrsvd_ct_MEMORY_PERCENT	Specifies the count information for the MEMORY_PERCENT field	si_memory_utilization			Splunk added special field
psrsvd_ct_TRAF_VALUE	Specifies the count information for TRAF_VALUE field	si_traffic_rate			Splunk added special field
psrsvd_gc	Here, gc = group count. This is the count for a stats "grouping," and not scoped to a single field.	si_memory_utilizationsiutilization and si_traffic_ratesi_cpu_usage			Splunk added special field
psrsvd_nc_CPU_PERCENT	Specifies the numerical count information for CPU_PERCENT field	si_cpu_usage			Splunk added special field
psrsvd_nc_MEMORY_PERCENT	Specifies the numerical count information for MEMORY_PERCENT field	si_memory_utilization			Splunk added special field
psrsvd_nc_TRAF_VALUE	Specifies the numerical count information for TRAF_VALUE field	si_traffic_rate			Splunk added special field
psrsvd_sm_CPU_PERCENT	Specifies the sum for CPU_PERCENT field	si_cpu_usage			Splunk added special field
psrsvd_sm_MEMORY_PERCENT	Specifies the sum for MEMORY_PERCENT field	si_memory_utilization			Splunk added special field
psrsvd_sm_TRAF_VALUE	Specifies the sum for TRAF_VALUE field	si_traffic_rate			Splunk added special field
psrsvd_v	Here, v = version. This is not scoped to a single field.	si_memory_utilizationsiutilization, si_traffic_ratesirate, and si_cpu_usage			Splunk added special field
psrsvd_vt_CPU_PERCENT	Contains precision of the CPU_PERCENT field	si_cpu_usage			Splunk added special field
psrsvd_vt_MEMORY_PERCENT	Contains precision of the MEMORY_PERCENT field	si_memory_utilization			Splunk added special field
psrsvd_vt_TRAF_VALUE	Contains precision of the TRAF_VALUE field	si_traffic_rate			Splunk added special field
report	Specifies the name of the report that is populating the summary index
	Index Disk Usage Report Data	si_index_disk_usage
	Memory Utilization Trend data	si_memory_utilization
	Traffic Rate by Member report data	si_traffic_rate
	CPU Utilization Trend data	si_cpu_usage
search_name	Common summary index fields
search_now	Common summary index fields
source	Splunk Default field
sourcetype	Splunk Default field
splunk_server	Splunk Default field
splunk_server_group	Splunk Default field
timeendpos	Common extracted fields
timestartpos	Common extracted fields

Infoblox Security Summary

Extracted Field Name	Description of the field	Reports	Values/Range	Source of Data	Remarks
ACTIVE_COUNT	Specifies the active count		Integer	Infoblox security summary
BLOCK_END	Specifies the block end IP address		Integer	Infoblox security summary
BLOCK_START	Specifies the block start IP address		Integer	Infoblox security summary
DNST_CATEGORY	Specifies the destination category		String

'

atp_rule_sid_lookup

'

lookup from /tmp/reporting_atp_conf/atp_rule_sid_lookup.csv with

'

RULE_SID

'

value as input
EA	Common Extracted fields
HWTYPE	Common Extracted fields
MAX_DB_OBJECTS	Common Extracted fields
MAX_DHCP_LPS	Common Extracted fields
MAX_DNS_QPS	Common Extracted fields
MEMBER_IP	Common Extracted fields
NAT_STATUS	Specifies the NAT status	String	Infoblox security summary
RULE_DESCRIPTION	Specifies the rule description	String. Example: This rule drops unexpected OSPF packets when OSPF is disabled.

'

atp_rule_sid_lookup

'

lookup from /tmp/reporting_atp_conf/atp_rule_sid_lookup.csv with

'

RULE_SID

'

value as input
RULE_NAME	Specifies the rule name		String. Example: DROP OSPF unexpected

'

atp_rule_sid_lookup

'

lookup from /tmp/reporting_atp_conf/atp_rule_sid_lookup.csv with

'

RULE_SID

'

value as input
RULE_SID	Specifies the rule SID		Integer	Infoblox security summary
SOURCE_IP	Specifies the source IP		IP address	Infoblox security summary
SOURCE_PORT	Specifies the source port		Integer	Infoblox security summary
date_hour	Splunk Default field
date_mday	Splunk Default field
date_minute	Splunk Default field
date_month	Splunk Default field
date_second	Splunk Default field
date_wday	Splunk Default field
date_year	Splunk Default field
date_zone	Splunk Default field
eventtype	Splunk Default field
host	Splunk Default field
index	Splunk Default field
info_max_time	Common summary index fields
info_min_time	Common summary index fields
info_search_time	Common summary index fields
linecount	Splunk Default field
orig_host	Specifies the host name of the data source		Example: infoblox.com		Splunk added default field
report	Name of the report that is populating the summary index
	DNS Tunneling Activity Reports data	si_dns_tunneling_activity
search_name	Common summary index fields
search_now	Common summary index fields
source	Splunk Default field
sourcetype	Splunk Default field
splunk_server	Splunk Default field
splunk_server_group	Splunk Default field
timeendpos	Common extracted fields
timestartpos	Common extracted fields

When to Update?

You must update this document in the following scenarios of the reporting data model:

...

Versions Compared

Old Version 13

New Version 14

Key

Splunk default fields

Anchor
_Commonly_extracted_fields
_Commonly_extracted_fields
Commonly extracted fields

Infoblox DNS Summary

Infoblox DTC Summary

Infoblox System Summary

Infoblox Security Summary

When to Update?

Page Comparison

Versions Compared

Old Version 13

New Version 14

Key

Splunk default fields

Anchor_Commonly_extracted_fields_Commonly_extracted_fieldsCommonly extracted fields

Infoblox DNS Summary

Infoblox DTC Summary

Infoblox System Summary

Infoblox Security Summary

When to Update?

Anchor
_Commonly_extracted_fields
_Commonly_extracted_fields
Commonly extracted fields