All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

list of fields used in a view,search

Mohsin123
Path Finder
‎02-28-2018 02:42 AM

Hi,

I want to extract list of all the views,searches, dashboards that use a particular index, say , idx_abc and the fields used in them all.

List of views and searches part is done (open for suggestions) :

List of searches :

| rest timeout=600 splunk_server=local /servicesNS/-/-/saved/searches|eval scheduled=if(is_scheduled=1,"yes","no")|where like(search,"%idx_abc%")|table title search scheduled

List of views :

| rest /servicesNS/-/-/data/ui/views splunk_server=*|rename eai:data as data|where like (data,"%idx_abc%")|table label, data

How to get list of fields used ???

Also , there might be eventtypes and macros making use of idx_abc (though i have checked manually at UI) . Still any idea of a query ?

Thanks,
Shraddha

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎02-28-2018 06:14 AM

To find eventtypes using a given index, try |rest /services/saved/eventtypes | where like(search,"%idx_abc%").
I'm not aware of a command that retrieves macro definitions.
Getting a list of fields is a problem. Not only is there not a command to do so, every search can create its own fields so any command output would be incomplete.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎02-28-2018 06:14 AM

To find eventtypes using a given index, try |rest /services/saved/eventtypes | where like(search,"%idx_abc%").
I'm not aware of a command that retrieves macro definitions.
Getting a list of fields is a problem. Not only is there not a command to do so, every search can create its own fields so any command output would be incomplete.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

Mohsin123
Path Finder
‎02-28-2018 06:38 AM

Thanks,
finding macros:

|rest splunk_server=* /servicesNS/-/-/admin/macros|where like(definition,"%idx_abc%")

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...