Deployment Architecture

Where the logs for runtime search errors and search response times are stored?

mngeow
Engager

Hi,

I am still relatively new to Splunk. I'm trying to analyze the splunk internal logs. I am currently trying to find the logs for the following:

  1. Runtime Search Errors
  2. Search Response Time

For runtime search errors, I really have no idea where the logs are stored.

I do have some idea on where the search response times can be found. I have looked in the splunk_access and splunk_web_access and found the response times. But I am not sure of the difference between the two.

I am also trying to understand the syntax of the logs as well, would be helpful if you could shed some light on that as well.

Thank you.

Tags (1)
0 Karma
1 Solution

cmerriman
Super Champion

http://docs.splunk.com/Documentation/Splunk/6.6.0/Troubleshooting/AboutAccessLogs

it looks like the duration for both the splunk_web_access and splunkd_access logs are the same, but web_access offers new components starting in 6.2.0.

you can look through the _audit and _internal indexes for user search history. I use the _internal index to look if scheduled searches had errors, if that helps.

View solution in original post

0 Karma

cmerriman
Super Champion

http://docs.splunk.com/Documentation/Splunk/6.6.0/Troubleshooting/AboutAccessLogs

it looks like the duration for both the splunk_web_access and splunkd_access logs are the same, but web_access offers new components starting in 6.2.0.

you can look through the _audit and _internal indexes for user search history. I use the _internal index to look if scheduled searches had errors, if that helps.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...