It is exactly what it states. It searches all Splunk indexers and evaluates whether an indexer is sending throughput to the metrics.log group. If it detects throughput, cool, assign a 1 to it. If it doesn't it gets a 0. It then writes this to a lookup file and a report. I would assume that this rolls up into a general Splunk health report for the security audits. Security needs continuity and responsiveness. If it doesn't get this from the Splunk env, then it has a problem.
Hope this helps,
Thanks for the info. I wanted to know exactly in which Dashboard this is being used, since its not schedule to send an email or throw an alert
The saved search
Audit - Index Readiness, along with a few other searches in
SA-Utils and the lookups the write out to, are the basis for the data returned by the
contentinfo REST endpoint. These are then queried by various dashboards (like ESS Content Library) in order to show whether or not data is available for use-cases.