Security
Highlighted

How to search the _internal index for banner error messages that appear on the Splunk Web UI?

Explorer

How do you search for banner messages that appear on the Splunk Web Interface. I'm looking for error messages like "Unable to distribute to peer name XXXXX at uri xx.xx.xx.xxx:xxx because peer status = "Down"

I tried running index=internal source="*webservice.log" raise from a previous post (http://answers.splunk.com/answers/81552/how-to-search-for-all-banner-messages.html), but this doesn't give me the information that I'm looking for.

Highlighted

Re: How to search the _internal index for banner error messages that appear on the Splunk Web UI?

Explorer

I think I got it. I just ran the following search and it gave me the information I was looking for

index=_internal "Unable to distribute"

View solution in original post

Highlighted

Re: How to search the _internal index for banner error messages that appear on the Splunk Web UI?

SplunkTrust
SplunkTrust

I guess All the error/warning messages from Splunk Web UI are stored as Splunk's internal error. May like this will give you all the errors/warnings. Of course, you can search for specific warnings.

index=_internal sourcetype=splunkd log_level="WARN" OR log_level="ERROR" 
Highlighted

Re: How to search the _internal index for banner error messages that appear on the Splunk Web UI?

Explorer

Cool thanks somesoni2!

0 Karma
Highlighted

Re: How to search the _internal index for banner error messages that appear on the Splunk Web UI?

Builder

Hi,
The answer of somesoni2 is good but i just want to extend his answer. Because there many values of field "loglevel" use this query:
index=
internal sourcetype=splunkd log_level=*

Highlighted

Re: How to search the _internal index for banner error messages that appear on the Splunk Web UI?

Path Finder

I found this which closely matches your question.

 | rest /services/messages | table title message severity timeCreated_iso published splunk_server author 

I then created an alert from this..