Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is it possible to access _internal index of a search peer?

arkadyz1
Builder
‎03-22-2021 11:57 AM

Not sure that I've picked the correct location - moderators, please move.

I found that I cannot normally run a search on index=_internal and get results from my search peers. Any setting to enable it? Or should I somehow "externalize" the desired data, say, by copying them into a summary index?

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎03-22-2021 01:13 PM

Hi @arkadyz1,

which role are you using to run a search on _internal index?

Is your role enabled to access this index?

You can check at @Settings -- Roles -- Your_role -- Indexes].

If you haven't the grants to see that, ask to an administrator.

ciao.

Giuseppe

0 Karma
Reply

arkadyz1
Builder
‎08-25-2021 08:51 AM

Sorry, haven't visited Splunk community for a long time - way too much work in other projects. I tried to run it as an admin, so can definitely access all indexes. I can see results from the local _internal index, just not from the search peers.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-25-2021 11:42 PM

Hi @arkadyz1,

could you better describe your architecture?

  • are you using a distributed search?
  • have you a cluster?
  • what is the machine you're using to run the search'
  • did you forwarder logs of all Splunk servers to Indexers?

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...