Security

Why do I see no results when I run "index=_introspection host=hostname" search?

kotig
Path Finder

I am trying to get the data from the disk_objects.log file running the search: index=_introspection host=hostname but nothing is returned. Can someone help?

Is there anything that need to be done so that we can search on the _introspection index?
Is the _introspection index available for the Linux boxes as well?

Thanks
Koti

0 Karma

lguinn2
Legend

The _introspection index is only viewable by admins. It is available for any Splunk instance, regardless of OS.
If you don't see anything from your query, try a broader search like "index=_introspection" and check to see what hosts appear in the results. Perhaps your host name is wrong.

Many of the reports in the Monitoring Console (formerly the DMC) are based on the introspection data. Hopefully, you have set up the MC for your environment. You can see a lot of the disk usage information there as well.

0 Karma

kotig
Path Finder

Appreciate your help on responding to my question. But as I am pretty new to this, I am not clear on what does it mean by MC. I am not sure if that was done by our Admins. I am not sure if I am an admin. Is there any other way to find out the disk usage other than the introspection?

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...