Re: Spunk search with index not working

tcsec2user · ‎09-13-2022

Spunk search with index not working only "index=_configtracker" index is working

gcusello · ‎09-13-2022

check if your searches are working with other _* indexes (as e.g. _internal.

Then check if you're in violation, in this case only searches on _* indexes are running, the others are blocked, but indexing continues to normally work.

Ciao.

Giuseppe

tcsec2user · ‎09-13-2022

i have tried with same index="_sl1index" and index="_*sl1index" but its not working

tcsec2user · ‎09-13-2022

tcsec2user · ‎09-13-2022

gcusello · ‎09-13-2022

Hi @tcsec2user,

are you sure that those indexes are existent and active?

see at [Settings -- Indexes]

Anyway, the index name is strange because _* is a notatiopn for Splunk internal indexes, but I don't know this index that seems to be a custom index.

Ciao.

Giuseppe

tcsec2user · ‎09-13-2022

How to enable the blocked indexs

gcusello · ‎09-13-2022

hi @tcsec2user,

If there's no Violation, indexes cannot be blocked, only enabled or disabled and you can enable or disable an index in [Settings -- indexes] or in the indexes.conf file.

If you're speaking of blocked indexes for the License Violation, the only way is to ask to Splunk Support an unblock code.

Ciao.

Giuseppe

Why is Spunk search with index not working?

other

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)