Security

Why do I see no results when I run "index=_introspection host=hostname" search?

Path Finder

I am trying to get the data from the diskobjects.log file running the search: `index=introspection host=hostname` but nothing is returned. Can someone help?

Is there anything that need to be done so that we can search on the _introspection index?
Is the _introspection index available for the Linux boxes as well?

Thanks
Koti

0 Karma

Legend

The introspection index is only viewable by admins. It is available for any Splunk instance, regardless of OS.
If you don't see anything from your query, try a broader search like "index=
introspection" and check to see what hosts appear in the results. Perhaps your host name is wrong.

Many of the reports in the Monitoring Console (formerly the DMC) are based on the introspection data. Hopefully, you have set up the MC for your environment. You can see a lot of the disk usage information there as well.

0 Karma

Path Finder

Appreciate your help on responding to my question. But as I am pretty new to this, I am not clear on what does it mean by MC. I am not sure if that was done by our Admins. I am not sure if I am an admin. Is there any other way to find out the disk usage other than the introspection?

0 Karma