Commit 68c45e5

Adding 1 more message in here
1 parent ed82a8a commit 68c45e5

1 file changed

+1
-1
lines changed

default/savedsearches.conf

Lines changed: 1 addition & 1 deletion
@@ -6438,7 +6438,7 @@ request.ui_dispatch_app = SplunkAdmins
64386438
request.ui_dispatch_view = search
64396439
search = ```Attempt to find various messages in the splunk_search_messages which are related to scheduled searches or dashboards which may require correcting, ignore ad-hoc searches\
64406440
This does require the limits.conf log_search_messages=true setting to be enabled to work. If below version 9.1```\
6441-
index=_internal `searchheadhosts` sourcetype=splunk_search_messages (Unable peer) OR bundles OR "bundle replication" OR corrupt OR connecting OR ReadWrite OR Socket OR Timed OR incomplete OR cleanly OR Timeout OR Timed OR process OR insufficient OR (bucket failed) OR "occur when processing chunks in running lookup command" OR "because KV Store status is currently unknown" OR (File line) OR (SearchPipelineExecutor NOT "exceeded configured match_limit") OR S2BucketCache OR DistributedSearchResultCollectionManager OR ("Field extractor" "unusually slow") OR "line *:" OR GeoIPProvider OR "restricting search to" OR ExternalProvider OR message_key="SUMMARIZE:PEER_NOT_FINISHED_AFTER_MAXTIME_EXCEEDED" \
6441+
index=_internal `searchheadhosts` sourcetype=splunk_search_messages (Unable peer) OR bundles OR "bundle replication" OR corrupt OR connecting OR ReadWrite OR Socket OR Timed OR incomplete OR cleanly OR Timeout OR Timed OR process OR insufficient OR (bucket failed) OR "occur when processing chunks in running lookup command" OR "because KV Store status is currently unknown" OR (File line) OR (SearchPipelineExecutor NOT "exceeded configured match_limit") OR S2BucketCache OR DistributedSearchResultCollectionManager OR ("Field extractor" "unusually slow") OR "line *:" OR GeoIPProvider OR "restricting search to" OR ExternalProvider OR message_key="SUMMARIZE:PEER_NOT_FINISHED_AFTER_MAXTIME_EXCEEDED" OR message_key="DISPATCHCOMM:PEER_ERROR_TIMEOUT" \
64426442
NOT "Unable to find tag" NOT "Unable to parse the search" NOT ("Eventtype" "does not exist") NOT "Error in 'outputlookup' command: You have insufficient privileges" NOT "insufficient data in ITSI summary index for policies" \
64436443
NOT ("Failed to fetch REST endpoint" "/services/data/indexes-extended" "Check that the URI path provided exists in the REST API" OR "Not Found")\
64446444
`splunkadmins_searchmessages_admin_1`\
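
Review bot: the rewritten line 6441 still carries "OR Timed" twice (once before "incomplete" and again after "Timeout"); since the line is being replaced anyway, drop the duplicate term. The list also already contains the bare term "Timeout", so it is worth confirming on real splunk_search_messages events whether that term already matched the messages the new message_key="DISPATCHCOMM:PEER_ERROR_TIMEOUT" clause is meant to catch, and keeping the clause only if it adds coverage. Neither the inline search comment on lines 6439-6440 nor the commit message names the new key, so a short mention of DISPATCHCOMM:PEER_ERROR_TIMEOUT in one of them would make the change easier to trace later.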
