Parsing And Indexing

While parsing, Splunk Enterprise performs number of actions, including:

• Extracting the set of default fields for each event, including host, source, and sourcetype.
• Configuring character set encoding.
• Identifying line termination using line break rules.
• Mask sensitive details in data like credit card numbers.

During the indexing pipeline, Splunk performs?

• Breaking events into segments that can be searched upon.
• Building index data structures.
• Writing raw data and index files to disks.