We can't search log index=_internal _audit _introspectionWe setup role select indexes "All non-internal indexes" and "All internal indexes" but can't see log _internal
You can look into Authorize.conf for these -
srchIndexesDefault = _internal
if still issue persist , You can look for something in splunkd.log that can help tell you where the problem is by using ERROR keyword.
CLI- grep ERROR $SPLUNK_HOME/var/log/splunk/splunkd.log
What is your search query? Are you seeing anything when searching "index=_internal"?
What is your search query?
Are you seeing anything when searching "index=_internal"?
I'm not see anything