The following logs are included in the _introspection index, which contains data that the Splunk

Enterprise deployment logs for platform instrumentation:

disk_objects.log. This log contains information about the disk objects that Splunk creates and

manages, such as buckets, indexes, and files. This log can help monitor the disk space usage and the

bucket lifecycle.

resource_usage.log. This log contains information about the resource usage of Splunk processes,

such as CPU, memory, disk, and network. This log can help monitor the Splunk performance and

identify any resource bottlenecks. The following logs are not included in the _introspection index,

but rather in the _internal index, which contains data that Splunk generates for internal logging:

audit.log. This log contains information about the audit events that Splunk records, such as user

actions, configuration changes, and search activity. This log can help audit the Splunk operations and

security.

metrics.log. This log contains information about the performance metrics that Splunk collects, such

as data throughput, data latency, search concurrency, and search duration. This log can help measure

the Splunk performance and efficiency. For more information, see About Splunk Enterprise

logging and [About the _introspection index] in the Splunk documentation.