topic Re: Which index does search.log data populates in, in splunk? in Getting Data In https://community.splunk.com/t5/Getting-Data-In/Which-index-does-search-log-data-populates-in-in-splunk/m-p/295374#M93293 <P>Search logs are not indexed so you won't find them in the UI, except via the job inspector.</P> <P>The disk quota is the amount of storage allowed for the search. I believe it is in bytes.</P> Thu, 15 Feb 2018 14:07:58 GMT richgalloway 2018-02-15T14:07:58Z Which index does search.log data populates in, in splunk? https://community.splunk.com/t5/Getting-Data-In/Which-index-does-search-log-data-populates-in-in-splunk/m-p/295373#M93292 <P>Hi ,</P> <P>Does anyone know which index does search.log data populates in?<BR /> I find search.log during a job inspect, mostly its the source /var/run/ dispatch.<BR /> How to fetch that in Splunk UI?</P> <P>Also another question,</P> <P>What does the line below represent? Does it report the size in MB?</P> <PRE><CODE>INFO DispatchThread - Disk quota = 31457280000 </CODE></PRE> <P>Cheers !</P> Thu, 15 Feb 2018 13:12:05 GMT https://community.splunk.com/t5/Getting-Data-In/Which-index-does-search-log-data-populates-in-in-splunk/m-p/295373#M93292 Mohsin123 2018-02-15T13:12:05Z Re: Which index does search.log data populates in, in splunk? https://community.splunk.com/t5/Getting-Data-In/Which-index-does-search-log-data-populates-in-in-splunk/m-p/295374#M93293 <P>Search logs are not indexed so you won't find them in the UI, except via the job inspector.</P> <P>The disk quota is the amount of storage allowed for the search. I believe it is in bytes.</P> Thu, 15 Feb 2018 14:07:58 GMT https://community.splunk.com/t5/Getting-Data-In/Which-index-does-search-log-data-populates-in-in-splunk/m-p/295374#M93293 richgalloway 2018-02-15T14:07:58Z Re: Which index does search.log data populates in, in splunk? https://community.splunk.com/t5/Getting-Data-In/Which-index-does-search-log-data-populates-in-in-splunk/m-p/295375#M93294 <P>are you just trying to get the search string, itself?</P> Thu, 15 Feb 2018 14:15:53 GMT https://community.splunk.com/t5/Getting-Data-In/Which-index-does-search-log-data-populates-in-in-splunk/m-p/295375#M93294 iandrews_splunk 2018-02-15T14:15:53Z Re: Which index does search.log data populates in, in splunk? https://community.splunk.com/t5/Getting-Data-In/Which-index-does-search-log-data-populates-in-in-splunk/m-p/295376#M93295 <P>search.log is not indexed, and it expires (gets deleted) when the job expires.</P> <P>Each user (or role) has a maximum disk quota fromwhich search jobs consume space (until they expire).<BR /> Run too many large searches, and the quota fills up, preventing more searches, until some of the old ones have been cleared out (by default 10 mins).<BR /> I expect that value to be in bytes, rather than MB.</P> Thu, 15 Feb 2018 14:16:25 GMT https://community.splunk.com/t5/Getting-Data-In/Which-index-does-search-log-data-populates-in-in-splunk/m-p/295376#M93295 nickhills 2018-02-15T14:16:25Z