Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Health Check: The list of indexes to be searched by default by the admin role on Splunk server

zekiramhi
Path Finder
‎11-06-2020 02:40 AM

The Full error is as follows:

Health Check: The list of indexes to be searched by default by the admin role on Splunk server "xxx" includes all non-internal indexes which might cause performance problems

Is there a way to check which alert, dashboard or report is causing the issue ?

I know the specific time that this notification triggers but I do not know how much of use that would be.

I have went through this article, but it doesnt really answer my question but only to shut off the alerts: https://docs.splunk.com/Documentation/ES/6.3.0/Admin/Troubleshootdefaultadminsearches

Best Regards,

Labels (3)
0 Karma
Reply

inventsekar
SplunkTrust
SplunkTrust
‎11-06-2020 03:25 AM

Hi @zekiramhi  

(edited)

Disable the search to prevent messages

If you do not want to limit the indexes searched by the admin role, but you want to stop seeing messages, disable the search.

  1. Select Settings > Searches, reports, and alerts.
  2. Locate the Audit - Default Admin Search All Non-Internal search.
  3. Select Edit > Disable.
  4. Click Disable.

https://docs.splunk.com/Documentation/ES/6.3.0/Admin/Troubleshootdefaultadminsearches

 

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma
Reply

zekiramhi
Path Finder
‎11-06-2020 03:41 AM

Hello,

I do not want to disable the messages caused by the specific alert you have mentionned, but rather find the specific search, alert or dashboard that is causing said message to popup every now and then.

Hopefully I made myself clear 😁

0 Karma
Reply
Get Updates on the Splunk Community!

Digital Resilience Assessment Launch | How prepared are you for disruption?

Disruption is inevitable. The question is – how prepared are you to handle it? In today’s fast-moving digital ...

Buttercup Games: Further Dashboarding Techniques (Part 2)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Index This | What is the next number in the series? 7,645 5,764 4,576…

February 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...