Re: How can i search what all indexes are into sp...

rajksplunk · ‎09-20-2016

please let me know via CLI or Splunkweb.?

esix_splunk · ‎09-20-2016

You can also use btool

./splunk btool indexes --debug

That will show the full path of the indexes.conf applied and the app it's applied from. You can pipe that to grep and search for EnterpriseSecuruty. Additionally if you're on the latest version of ES, and in a distributed environment, you can use the GUI to created the TA forindexers. Open this up and you can see the configs for indexers.

somesoni2 · ‎09-20-2016

How about the documentation?
http://docs.splunk.com/Documentation/ES/4.2.0/Install/Indexes#Indexes_by_app

YOu can use the following search as well (need to provide the app name)

| rest /services/data/indexes splunk_server=local | search eai:acl.app="App Name Here" | table title

rajksplunk · ‎09-20-2016

Thanks ! somesoni2 for responding but i found no results when i triggered search that you provided.
could help me out if any alternate ?
i can see all indexes bu using"| rest /services/data/indexes splunk_server=local |but when i tried for specific app then No Results found

somesoni2 · ‎09-20-2016

Check the field name in the | search (should be correct only but double check) and the app name (need the app folder name ).

OR may be just run this and check the app name.

| rest /services/data/indexes splunk_server=local  | table title eai:acl.app

How can i search what all indexes are into splunk ESS app?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases