Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Documentation for _introspection Index

PotatoDataUser
Explorer
‎12-02-2024 06:15 AM

So I want to build a dashboard with _introspection index , some of the metrics I am looking for are THP (enabled/disabled), Ulimits, CPU, Mem, Disk usage, swap usage, clocks sync (realtime & hardware) etc.

I couldnt find any solid documentation for _introspection index as to under which source, component these variables will be stored also what all data is available in the index. 

Can someone please point me to a doumented list of all the data points in the index if any docs exists. Also any specific component/source I can find the KPIs I mentioned above.

Labels (2)
Labels
Tags (1)
0 Karma
Reply

dural_yyz
Motivator
‎12-02-2024 08:00 AM

https://docs.splunk.com/Documentation/Splunk/9.3.2/RESTREF/RESTintrospect#server.2Fsysinfo

| rest /services/server/sysinfo
| table splunk_server transparent_hugepage.effective_state

The above will get you the THP status per server, usually best to run from the DMC in a multi server environment - most if not all devices should be reported there.  Running from a SH or SHC may be limited to SH and IDX.

https://docs.splunk.com/Documentation/Splunk/9.3.2/RESTREF/RESTintrospect#server.2Fstatus.2Fresource...

| rest /services/server/status/resource-usage/hostwide
| table splunk_server *cpu* *mem*
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-02-2024 07:40 AM

That is a Splunk internal index so any documentation (if it exists) would be internal to Splunk.  You may be able to find some useful information in the Troubleshooting Manual or the REST API Reference Manual.

---
If this reply helps you, Karma would be appreciated.
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

Introduction to Splunk AI

How are you using AI in Splunk? Whether you see AI as a threat or opportunity, AI is here to stay. Lucky for ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Maximizing the Value of Splunk ES 8.x

Splunk Enterprise Security (ES) continues to be a leader in the Gartner Magic Quadrant, reflecting its pivotal ...