Health Check: The list of indexes to be searched b... - Splunk Community

Splunk Enterprise

The Full error is as follows:

Health Check: The list of indexes to be searched by default by the admin role on Splunk server "xxx" includes all non-internal indexes which might cause performance problems

Is there a way to check which alert, dashboard or report is causing the issue ?

I know the specific time that this notification triggers but I do not know how much of use that would be.

I have went through this article, but it doesnt really answer my question but only to shut off the alerts: https://docs.splunk.com/Documentation/ES/6.3.0/Admin/Troubleshootdefaultadminsearches

Best Regards,

(edited)

Disable the search to prevent messages

If you do not want to limit the indexes searched by the admin role, but you want to stop seeing messages, disable the search.

Select Settings > Searches, reports, and alerts.
Locate the Audit - Default Admin Search All Non-Internal search.
Select Edit > Disable.
Click Disable.

https://docs.splunk.com/Documentation/ES/6.3.0/Admin/Troubleshootdefaultadminsearches

Hello,

I do not want to disable the messages caused by the specific alert you have mentionned, but rather find the specific search, alert or dashboard that is causing said message to popup every now and then.

Hopefully I made myself clear 😁

Get Updates on the Splunk Community!

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...

Alerting Best Practices: How to Create Good Detectors

At their best, detectors and the alerts they trigger notify teams when applications aren’t performing as ...

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this ...