Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk db connect health monitor is not working

SplunkySplunk
Explorer
‎02-19-2024 02:24 AM

Hello
I want to monitor the health of db connect app inputs and connections and i noticed the the health monitor is not working. im getting the message "search populated no results"


When i tried to investigate the issue i found out that index=_internal is empty
I guess its related.


Can you please help me figure out why the index is empty and the health monitor is not working ?

Labels (2)
0 Karma
Reply

Richfez
SplunkTrust
SplunkTrust
‎02-20-2024 12:02 PM

If a search "index=_internal" over the last 24 hours is empty, I can think of a couple of reasons.

Most likely - your role doesn't have administrative access.  (More specifically, it doesn't have access to the _internal index, which is usually limited to admins).  Either log in as an administrator with access to _internal, or have your Splunk folks add this index to your role.

It's also possible that you have DBX installed on a heavy forwarder.  That HF has been told its outputs need to go to your real indexer(s), but it's never been told to *search* the indexer when someone searches for "index=_internal".  The steps you might need are https://docs.splunk.com/Documentation/Splunk/9.2.0/DistSearch/Configuredistributedsearch#Use_Splunk_...

Anyway, if you can confirm the above two things, either one of them is the issue, or you can report back here with what you've found!

 

-Rich

0 Karma
Reply
Get Updates on the Splunk Community!

Everything Community at .conf24!

You may have seen mention of the .conf Community Zone 'round these parts and found yourself wondering what ...

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...