
Splunk Health Report & Monitoring Console

The Splunk Health Report provides a traffic-light view of your Splunk deployment's health. Green = healthy, yellow = warning, red = critical problem.

The Monitoring Console (MC) offers detailed dashboards for indexing performance, search activity, resource usage, forwarder status, and license usage.

Key log files for troubleshooting: splunkd.log (the main daemon log) and metrics.log (performance metrics every 30 seconds). Both are available in the _internal index.

Search for errors in splunkd.log
index=_internal source=*splunkd.log* log_level=ERROR
| stats count by component, message
| sort -count
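
The search above only sees events that reached the _internal index. For a host whose logs are not arriving there (for example a forwarder that cannot connect), the same count by component and message can be taken from the splunkd.log file on disk. The script below is an added example, not part of the original lesson; the line layout in the regex is the usual splunkd.log format and is an assumption, and the sample lines are constructed.

```python
import re
from collections import Counter

# Assumed layout: "MM-DD-YYYY HH:MM:SS.mmm +ZZZZ LEVEL Component [pid thread] - message"
# The "[pid thread]" part is treated as optional.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{4})\s+"
    r"(?P<log_level>[A-Z]+)\s+"
    r"(?P<component>\S+)\s+"
    r"(?:\[[^\]]*\]\s+)?-\s+(?P<message>.*)$"
)

# Constructed sample lines, not taken from a real deployment.
SAMPLE = """\
03-04-2024 09:15:01.120 +0000 INFO  TailReader [4120 tailreader0] - Batch input finished reading file
03-04-2024 09:15:02.481 +0000 ERROR TcpOutputProc [4131 parsing] - Connection to indexer failed
03-04-2024 09:15:07.913 +0000 WARN  DateParserVerbose [4133 merging] - Failed to parse timestamp
03-04-2024 09:15:12.481 +0000 ERROR TcpOutputProc [4131 parsing] - Connection to indexer failed
03-04-2024 09:15:20.002 +0000 ERROR ExecProcessor - Script exited with code 1
    continuation line without a timestamp
"""


def count_errors(lines, level="ERROR"):
    """Equivalent of: log_level=<level> | stats count by component, message | sort -count.

    Returns [((component, message), count), ...] with the highest count first.
    """
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if m is None:
            # Continuation lines (stack traces, wrapped output) carry no
            # timestamp or level of their own, so they are skipped.
            continue
        if m["log_level"] == level:
            counts[(m["component"], m["message"])] += 1
    return counts.most_common()


if __name__ == "__main__":
    # To read a real file, pass an open file object instead of SAMPLE,
    # e.g. open("splunkd.log", errors="replace").
    for (component, message), n in count_errors(SAMPLE.splitlines()):
        print(f"{n:>5}  {component:<20} {message}")
```
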

Knowledge Check

Question 1 of 2
What does a red indicator in the Health Report mean?
A. Data is flowing
B. Normal operation
C. Critical problem
D. Feature disabled