 
		
		
		
		
		
	
			
		
		
			
					
		What is "search error" ?
I'm very new to Splunk and i just want to know.
 
		
		
		
		
		
	
			
		
		
			
					
		When you run a search, Splunk create a search job. From a process point of view, there is a splunkd child process and its helper process for each search. When a search job is also related to a directory which contains search logs, reults, and meta data. This directory is also called a dispatch directory. The search job's id which is called sid is the search job's dipatch directory.
You can find dispatch jobs under $SPLUNK_HOME/var/run/splunk/dispatch directory. Except for troubleshooting by Support, usueally users never need to go visit there to retrive data manually.
 
		
		
		
		
		
	
			
		
		
			
					
		Could you describe a litte bit more detail? Step by step what you tried?
