Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is it possible to access _internal index of a search peer?

arkadyz1
Builder
‎03-22-2021 11:57 AM

Not sure that I've picked the correct location - moderators, please move.

I found that I cannot normally run a search on index=_internal and get results from my search peers. Any setting to enable it? Or should I somehow "externalize" the desired data, say, by copying them into a summary index?

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎03-22-2021 01:13 PM

Hi @arkadyz1,

which role are you using to run a search on _internal index?

Is your role enabled to access this index?

You can check at @Settings -- Roles -- Your_role -- Indexes].

If you haven't the grants to see that, ask to an administrator.

ciao.

Giuseppe

0 Karma
Reply

arkadyz1
Builder
‎08-25-2021 08:51 AM

Sorry, haven't visited Splunk community for a long time - way too much work in other projects. I tried to run it as an admin, so can definitely access all indexes. I can see results from the local _internal index, just not from the search peers.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-25-2021 11:42 PM

Hi @arkadyz1,

could you better describe your architecture?

  • are you using a distributed search?
  • have you a cluster?
  • what is the machine you're using to run the search'
  • did you forwarder logs of all Splunk servers to Indexers?

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...