Solved: How to List objects of an application

somesoni2 · ‎07-12-2013

I have an apps which has views, saved searches, field extractions and macros. Is it possible to list all the objects of an app using splunk search??

Basically I want to know if Splunk stores the app's metadata in any of the indexes.
Thanks in advance.

lguinn2 · ‎07-12-2013

Splunk does not store knowledge objects in any index. Knowledge objects are contained in .conf files and .xml files that are stored in the directory hierarchy under $SPLUNK_HOME/etc

Shameless promotion: there is an app on Splunkbase called X-ray Splunk which collects information about the knowledge objects and presents it in a variety of dashboards. It doesn't seem to work yet on all OSes, but it is free.

View solution in original post

jaxjohnny2000 · ‎10-01-2019

Take a look at this splunk base app: https://splunkbase.splunk.com/app/2871/

lguinn2 · ‎07-12-2013

Splunk does not store knowledge objects in any index. Knowledge objects are contained in .conf files and .xml files that are stored in the directory hierarchy under $SPLUNK_HOME/etc

Shameless promotion: there is an app on Splunkbase called X-ray Splunk which collects information about the knowledge objects and presents it in a variety of dashboards. It doesn't seem to work yet on all OSes, but it is free.

somesoni2 · ‎07-12-2013

Thanks for you response roberts. I was looking for more of a search query to list that which can be displayed over a dashboard.

rroberts · ‎07-12-2013

Also, from the Manager->Apps menu you can click the "view objects" link and sort the objects under that app.

How to List objects of an application

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes