Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Get a list of all views and or searches that use an index

rmorlen
Splunk Employee
Splunk Employee
‎03-03-2014 05:22 AM

I would like to get a list of all views and/or searches that use a specific index. Can I do this using a splunk search?

Tags (1)
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎03-03-2014 06:29 AM

In principle you could use the rest (core Splunk) or splunkentity (SideviewUtils) commands to load saved searches, and perform calculations based on their search string - for example, looking for index=specific.

However, I don't think that's an easy-to-answer question, even for a human looking at the searches.
Take a search that doesn't specify an index as an example, that will search whatever indexes are set as default for the user's role so whether it does search your specific index or not depends on the user executing the search.
Answering that question becomes really messy once you compute an index from a subsearch result...

Reply

martin_mueller
SplunkTrust
SplunkTrust
‎03-03-2014 06:37 AM

If you only want to consider searches that explicitly list index=specific then you should easily be able to deduce that from the above two ways of loading saved searches.

0 Karma
Reply

rmorlen
Splunk Employee
Splunk Employee
‎03-03-2014 06:34 AM

I'm interested in the searches that "do" specify the index. For our users one of the best practice tips we give them is that they specify the index. We found that it greatly improves search time.

We have over 100 indexes so if you don't specify the index then splunk has to open every index on every indexer to see if there are matching events. This can take a while.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...