Monitoring Splunk
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Component Code List and Definitions

verizonrap2017
Loves-to-Learn
‎05-07-2024 06:32 AM

Does anyone know of a list of component codes and their meanings for at least _internal and _audit? I have asked instructors and Splunk direct with no help so far. 

Labels (1)
0 Karma
Reply

kiran_panchavat
SplunkTrust
SplunkTrust
‎05-07-2024 09:25 AM

@verizonrap2017 

I'm not sure what you're looking for; are you looking for Splunk components or the default indexes in Splunk? Please use the links provided below for reference. 

https://docs.splunk.com/Documentation/Splunk/9.2.1/Indexer/Aboutmanagingindexes  

https://docs.splunk.com/Documentation/Splunk/9.2.1/Capacity/ComponentsofaSplunkEnterprisedeployment  

I hope this helps, if any reply helps you, you could add your upvote/karma points to that reply, thanks.

Did this help? If yes, please consider giving kudos, marking it as the solution, or commenting for clarification — your feedback keeps the community going!
0 Karma
Reply

verizonrap2017
Loves-to-Learn
‎05-13-2024 05:45 AM

Thank you Kiran. What I am looking for is the meaning of each component code found. For instance If I run - 

index=_*
| stats count by component index log_level

I see many component codes with Warning or Error. The question becomes what does that component code mean and if there is a warning or error what is the action needed to correct or tune? I do not see any documentation in Splunk to that effect and have asked Splunk PS, Splunk Instructors and Splunk Support. No answer yet.

I want to build dashboards and associated alerts to help me know the stability and status of the platform.

Thank you!

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...