According to the Splunk Search Job Inspector documentation, the search.log file for a completed search job can be accessed through Splunk Web by navigating to the job’s detailed inspection view.
To access it:
Open the completed search in Splunk Web.
Click the Job menu (top right of the search interface).
Select Inspect Job.
In the Job Inspector window, click the search.log link.
This log provides in-depth diagnostic details about how the search was parsed, distributed, and executed across the search head and indexers. It contains valuable performance metrics, command execution order, event sampling information, and any error or warning messages encountered during search processing.
The search.log file is generated for every search job—scheduled, ad-hoc, or background—and is stored in the job’s dispatch directory ($SPLUNK_HOME/var/run/splunk/dispatch//).
Other listed options are incorrect:
Option A queries the _internal index, which does not store per-search logs.
Option B is used to view search configurations, not logs.
Option C is not a valid Splunk Web navigation option.
Thus, the only correct and Splunk-documented method is via Job → Inspect Job → search.log.
References (Splunk Enterprise Documentation):
• Search Job Inspector Overview and Usage
• Analyzing Search Performance Using search.log
• Search Job Management and Dispatch Directory Structure
• Splunk Enterprise Admin Manual – Troubleshooting Searches
Submit