Splunk Search

What are the defaults for the dbinspect command?

hulahoop
Splunk Employee
Splunk Employee

On the Search App > Status > Index activity dashboard, there is an Index health report showing the bucket spread over time. In observation, it is reporting on the main index. This report is generated by the search "| dbinspect bins=400". The documentation could use a little more detail. Is it correct to assume the default index is main?

1 Solution

gkanapathy
Splunk Employee
Splunk Employee

Yes. Well, actually the default index used is the default db which is almost always main. Note BTW that | dbinspect does not distribute, i.e., it only reports on the local server even in distributed search mode.

View solution in original post

gkanapathy
Splunk Employee
Splunk Employee

Yes. Well, actually the default index used is the default db which is almost always main. Note BTW that | dbinspect does not distribute, i.e., it only reports on the local server even in distributed search mode.

Get Updates on the Splunk Community!

Harnessing Splunk’s Federated Search for Amazon S3

Managing your data effectively often means balancing performance, costs, and compliance. Splunk’s Federated ...

Infographic provides the TL;DR for the 2024 Splunk Career Impact Report

We’ve been buzzing with excitement about the recent validation of Splunk Education! The 2024 Splunk Career ...

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...