Re: Why do I see no results when I run "index=_int...

kotig · ‎03-15-2017

I am trying to get the data from the disk_objects.log file running the search: index=_introspection host=hostname but nothing is returned. Can someone help?

Is there anything that need to be done so that we can search on the _introspection index?
Is the _introspection index available for the Linux boxes as well?

Thanks
Koti

lguinn2 · ‎03-15-2017

The _introspection index is only viewable by admins. It is available for any Splunk instance, regardless of OS.
If you don't see anything from your query, try a broader search like "index=_introspection" and check to see what hosts appear in the results. Perhaps your host name is wrong.

Many of the reports in the Monitoring Console (formerly the DMC) are based on the introspection data. Hopefully, you have set up the MC for your environment. You can see a lot of the disk usage information there as well.

kotig · ‎03-15-2017

Appreciate your help on responding to my question. But as I am pretty new to this, I am not clear on what does it mean by MC. I am not sure if that was done by our Admins. I am not sure if I am an admin. Is there any other way to find out the disk usage other than the introspection?

Why do I see no results when I run "index=_introspection host=hostname" search?

Detecting Remote Code Executions With the Splunk Threat Research Team

Observability | Use Synthetic Monitoring for Website Metadata Verification

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk