Solved: Introspection search_group assignment

manderson7 · ‎07-19-2017

We're monitoring our splunk environment through the DMC as well as a hand built dashboard consisting of data from the _introspection index. Search looks like:

index=_introspection sourcetype=splunk_resource_usage component=Hostwide  search_group=Indexer | eval total_cpu_usage = 'data.cpu_system_pct' + 'data.cpu_user_pct'  | timechart  minspan=10s partial=f limit=25 Median(total_cpu_usage) AS cpu_usage by host
| eval max=100

We've recently added new servers, including new indexers, and have added them to the DMC successfully, along with assigning their roles there. However, we're not seeing the new servers in the above search. They don't have a search_group assignment. How do I assign the new servers a search_group?
Thank you

manderson7 · ‎07-19-2017

Turns out it's assigned in a csv in my dashboard, so this is a silly question. Sorry to add to the noise.

View solution in original post

manderson7 · ‎07-19-2017

Turns out it's assigned in a csv in my dashboard, so this is a silly question. Sorry to add to the noise.

Introspection search_group assignment

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation