Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

how to pull the index and app\workspace names on Splunk search heads?

yu94
New Member
‎10-10-2017 03:54 PM

Hi,

Can you please help me to write a query to run on the search heads which will list me the index and app\workspace names in a tabular format?

It would be even helpful if you can write a query to display like these are the indexes in this App\Workspace.

This is basically to give an idea to a new user to get started.. If i can build a dashboard which will list out the list of indexes in each workspace it would help them to identify their workspace\app and indexes in it.

Thanks,
Thippesh

0 Karma
Reply

MuS
Legend
‎10-10-2017 05:05 PM

Hi yu94,

as admin user you can run this search:

| rest /servicesNS/-/-/data/indexes
| table title eai:acl.app 
| rename "eai:acl.app" AS app title AS index 
| stats count values(index) AS index by app

to get a table of indexes per app.
If you don't have the admin role assigned, ask your friendly Splunk admin to create a saved search and report/dashboard for you.

Hope this helps ...

cheers, MuS

Reply
Get Updates on the Splunk Community!

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...

Combine multiline logs into a single event with SOCK - a step-by-step guide for newbies Olga Malita The ...