Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Query

whitecat001
Explorer
‎03-20-2024 01:36 PM

Is there a way to create a query to show the errors from splunk TA and kv store 

0 Karma
Reply

PaulPanther
Motivator
‎03-26-2024 01:09 AM

You should find all neccessary information about Splunk TAs and the kv store in your "_internal" index.

As a second step you could check the "source" field for the TAs that you want to monitor. Most of the available TAs are writing logs in their own logfile under $SPLUNK_HOME/var/log/splunk

For the kv store check the mongod.log.

More information:

What Splunk software logs about itself - Splunk Documentation

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | When is October more than just the tenth month?

October 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What’s New & Next in Splunk SOAR

 Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us for an ...