Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Where the logs for runtime search errors and search response times are stored?

mngeow
Engager
‎05-18-2017 08:06 PM

Hi,

I am still relatively new to Splunk. I'm trying to analyze the splunk internal logs. I am currently trying to find the logs for the following:

  1. Runtime Search Errors
  2. Search Response Time

For runtime search errors, I really have no idea where the logs are stored.

I do have some idea on where the search response times can be found. I have looked in the splunk_access and splunk_web_access and found the response times. But I am not sure of the difference between the two.

I am also trying to understand the syntax of the logs as well, would be helpful if you could shed some light on that as well.

Thank you.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

cmerriman
Super Champion
‎05-19-2017 05:11 AM

http://docs.splunk.com/Documentation/Splunk/6.6.0/Troubleshooting/AboutAccessLogs

it looks like the duration for both the splunk_web_access and splunkd_access logs are the same, but web_access offers new components starting in 6.2.0.

you can look through the _audit and _internal indexes for user search history. I use the _internal index to look if scheduled searches had errors, if that helps.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

cmerriman
Super Champion
‎05-19-2017 05:11 AM

http://docs.splunk.com/Documentation/Splunk/6.6.0/Troubleshooting/AboutAccessLogs

it looks like the duration for both the splunk_web_access and splunkd_access logs are the same, but web_access offers new components starting in 6.2.0.

you can look through the _audit and _internal indexes for user search history. I use the _internal index to look if scheduled searches had errors, if that helps.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Get the T-shirt to Prove You Survived Splunk University Bootcamp

As if Splunk University, in Las Vegas, in-person, with three days of bootcamps and labs weren’t enough, now ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...