Splunk organizes data into indexes by sourcetype.
When data is sent to Splunk (via Universal Forwarder, HTTP Event Collector (HEC), etc), it’s tagged with what index and sourcetype it is so that it gets stored properly for later searching.
from User warren – Stack Overflow https://stackoverflow.com/questions/50471867/bind-logs-to-applications/73082639#73082639
via IFTTT