Imply Lumi glossary
A glossary of technical terms specific to Imply Lumi, and some related terms in third-party products.
Product areas
Imply Lumi API
The programmatic interface for Imply Lumi.
Imply Lumi query syntax
The formal structure for Imply Lumi queries against your event data. Contrast with Splunk® Search Processing Language (SPL).
Imply Lumi UI
The Imply Lumi web application where you can configure integrations, search for events, and perform Imply Lumi administration tasks.
Concepts
attribute
Imply Lumi event metadata. Imply Lumi includes system attributes by default, and you can define user attributes.
user attribute
An attribute defined by a user to enrich events.
system attribute
A system-defined attribute, usually extracted from an Imply Lumi component such as the event collector, a receiver, or an API key.
event
A unit of data in Imply Lumi.
integration
The way to connect to an external system from Imply Lumi. There are two types of integrations: ingestion and application.
ingestion integration
An integration that allows a third-party application to send events to Imply Lumi. An ingestion integration consists of a receiver and an IAM key.
application integration
An integration with a third-party application to access events within Imply Lumi.
pipeline
A pipeline is an ordered list of event processors that operate on a set of events resulting from a user-defined search query.
processor
An event processor is a rule for event transformation, for example adding, removing, overriding, or otherwise modifying event metadata.
Third-party terms
add-on
Software that configures a Splunk deployment to connect to Imply Lumi, add events, and query events.
Splunk term: add-on.
Splunk index
The repository for Splunk data.
Splunk term: index.
Events
agent
A software component deployed within a service to send events to an event collector.
For example: OpenTelemetry (OTel), StatsD, Prometheus, Splunk forwarders.
attribute
Attributes, either system attributes or user attributes, are Imply Lumi event metadata.
user attribute
Attributes derived from a raw event, added by upstream agents, specified in Imply Lumi, or assigned by Imply Lumi.
index
A notable user attribute in Imply Lumi. You can set the value of the index attribute for events in Imply Lumi to configure federated search in Splunk, but an index in Imply Lumi is not to be confused with a Splunk index.
system attribute
A system-defined attribute, usually extracted from an Imply Lumi component such as the event collector, a receiver, or an API key.
event
A unit of data in Imply Lumi. Also, data destined for, but not yet processed by, Imply Lumi.
enriched event
An event that includes metadata from event processing systems like an agent or attributes in Lumi.
raw event
An event in its original state without any formal changes or additional metadata from event processing systems.
receiver
An Imply Lumi service that accepts incoming data such as events or search requests. During event processing, Imply Lumi adds receiver information to the event as a system attribute. A receiver and an IAM key make up an integration.
send events
The process by which an agent or a forwarder adds events to Imply Lumi.
Third-party terms
forwarder
A Splunk instance that forwards data to another Splunk instance or to a third-party system. Imply Lumi uses the universal forwarder and heavy forwarder.
Splunk term: forwarder.
heavy forwarder
A Splunk forwarder that has the functionality of the universal forwarder and can also index, transform, and route data.
Splunk term: heavy forwarder.
universal forwarder
A Splunk forwarder that contains only the essential components needed to forward data.
Splunk term: universal forwarder.
Search
explore
The explore screen in the Imply Lumi UI.
search head
The software service that handles search requests and directs search results back to the user. In federated search, we refer to Splunk as the federated search head and Imply Lumi as the remote search head.
Third-party terms
federated search
Unified search across a Splunk deployment and Imply Lumi.
Splunk term: federated search.
Search Processing Language (SPL)
A set of commands used to search Splunk data.
Splunk terms: SPL, SPL2.
Administration
account
A centralized view in the Imply Lumi UI for managing company and billing information.
cloud region
The geographical area or areas linked to an account.
Related to cloud regions such as us-east-1.
company
A corporate entity associated with one or more Imply Lumi accounts.
IAM key
An API key in Imply Lumi. You can use IAM keys for querying integrations and managing Imply Lumi resources programmatically with the Imply Lumi API. IAM keys consist of an ID and a token.
active key
An IAM key that has been used to add or search events in the past 24 hours.
inactive key
An IAM key that hasn't been used to add or search events in the past 24 hours.
permission
An ability to perform a specific task in Imply Lumi. Permissions are allocated to roles which are assigned to users.
role
A collection of permissions, often identified by function within a company, assigned to one or more users.
user
An individual who performs tasks in Imply Lumi. Users are linked to roles which convey the permissions to perform tasks.