Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

What is the purpose of Report "Audit - Index Readiness" under SA-Utils apps ?

ekcsoc
Path Finder
‎09-29-2019 10:25 PM

This Report "Audit - Index Readiness" under SA-Utils apps is running for every 30 minutes for last 24 hours time range and getting skipped in Search head. Just wanted to know what is the purpose of this report and can it be disabled ?

0 Karma
Reply

ssmiesko
Explorer
‎04-25-2020 06:29 PM

The saved search Audit - Index Readiness, along with a few other searches in SA-Utils and the lookups the write out to, are the basis for the data returned by the contentinfo REST endpoint. These are then queried by various dashboards (like ESS Content Library) in order to show whether or not data is available for use-cases.

0 Karma
Reply

BainM
Communicator
‎09-30-2019 04:38 AM

It is exactly what it states. It searches all Splunk indexers and evaluates whether an indexer is sending throughput to the metrics.log group. If it detects throughput, cool, assign a 1 to it. If it doesn't it gets a 0. It then writes this to a lookup file and a report. I would assume that this rolls up into a general Splunk health report for the security audits. Security needs continuity and responsiveness. If it doesn't get this from the Splunk env, then it has a problem.

Hope this helps,
Mike

Reply

ashishamalviya1
Explorer
‎01-04-2022 09:51 AM

As this search is heavy on search head, as running every 30 min and search for last 24 hour for all the index, can we customize this search to be lighter on CPU, 
i.e. edit search query, increase schedule interval and reduce search time frame. etc..
Thanking,

Ashish M

Reply

lesly_trinidad
Engager
‎10-27-2022 09:04 PM

i'm wondering this same thing, can the schedule be modified since it's pretty resource intensive. Haven't seen a response on this thread in while. 

0 Karma
Reply

ekcsoc
Path Finder
‎10-03-2019 12:50 AM

Thanks for the info. I wanted to know exactly in which Dashboard this is being used, since its not schedule to send an email or throw an alert

0 Karma
Reply

harsmarvania57
Ultra Champion
‎09-30-2019 12:49 AM

What is the Splunk ES version ? I can't see that report in ES 5.2

0 Karma
Reply

ekcsoc
Path Finder
‎10-01-2019 02:45 AM

ES version - 5.3.1

0 Karma
Reply
Get Updates on the Splunk Community!

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...