Solved: Re: Introspection search_group assignment

manderson7 · ‎07-19-2017

We're monitoring our splunk environment through the DMC as well as a hand built dashboard consisting of data from the _introspection index. Search looks like:

index=_introspection sourcetype=splunk_resource_usage component=Hostwide  search_group=Indexer | eval total_cpu_usage = 'data.cpu_system_pct' + 'data.cpu_user_pct'  | timechart  minspan=10s partial=f limit=25 Median(total_cpu_usage) AS cpu_usage by host
| eval max=100

We've recently added new servers, including new indexers, and have added them to the DMC successfully, along with assigning their roles there. However, we're not seeing the new servers in the above search. They don't have a search_group assignment. How do I assign the new servers a search_group?
Thank you

manderson7 · ‎07-19-2017

Turns out it's assigned in a csv in my dashboard, so this is a silly question. Sorry to add to the noise.

View solution in original post

manderson7 · ‎07-19-2017

Turns out it's assigned in a csv in my dashboard, so this is a silly question. Sorry to add to the noise.

Introspection search_group assignment

Detecting Remote Code Executions With the Splunk Threat Research Team

Observability | Use Synthetic Monitoring for Website Metadata Verification

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk