Why is Spunk search with index not working?

tcsec2user · ‎09-13-2022

Spunk search with index not working only "index=_configtracker" index is working

gcusello · ‎09-13-2022

check if your searches are working with other _* indexes (as e.g. _internal.

Then check if you're in violation, in this case only searches on _* indexes are running, the others are blocked, but indexing continues to normally work.

Ciao.

Giuseppe

tcsec2user · ‎09-13-2022

i have tried with same index="_sl1index" and index="_*sl1index" but its not working

tcsec2user · ‎09-13-2022

tcsec2user · ‎09-13-2022

gcusello · ‎09-13-2022

Hi @tcsec2user,

are you sure that those indexes are existent and active?

see at [Settings -- Indexes]

Anyway, the index name is strange because _* is a notatiopn for Splunk internal indexes, but I don't know this index that seems to be a custom index.

Ciao.

Giuseppe

tcsec2user · ‎09-13-2022

How to enable the blocked indexs

gcusello · ‎09-13-2022

hi @tcsec2user,

If there's no Violation, indexes cannot be blocked, only enabled or disabled and you can enable or disable an index in [Settings -- indexes] or in the indexes.conf file.

If you're speaking of blocked indexes for the License Violation, the only way is to ask to Splunk Support an unblock code.

Ciao.

Giuseppe

Why is Spunk search with index not working?

other

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!