Solved: Re: Splunk Search to find the list of CIM Mapped i...

alexspunkshell

Below are the CIM Macros where i am using and there are different indexes mapped in individual macros.

I want to get the list of all indexes mapped in all the CIM Macros.

Hence i did a scheduled search which runs and check all the macros. But it is utilizing lot of memory and even searches are failing. Please help me with a better way to get the list of all indexes mapped in CIM Macros.

cim_Authentication_indexes
cim_Alerts_indexes
cim_Change_indexes
cim_Endpoint_indexes
cim_Intrusion_Detection_indexes
cim_Malware_indexes
cim_Network_Resolution_indexes	
cim_Network_Sessions_indexes
cim_Network_Traffic_indexes
cim_Vulnerabilities_indexes
cim_Web_indexes

meetmshah

Hello @alexspunkshell, below search should give you list of all CIM Indexes Macro Definition -

| rest /servicesNS/-/-/admin/macros count=0 splunk_server=local
| search title=cim*indexes
| table title definition

Please accept the solution and hit Karma, if this helps!

View solution in original post

meetmshah

Hello @alexspunkshell, below search should give you list of all CIM Indexes Macro Definition -

| rest /servicesNS/-/-/admin/macros count=0 splunk_server=local
| search title=cim*indexes
| table title definition

Please accept the solution and hit Karma, if this helps!

Splunk Search to find the list of CIM Mapped indexes

eval

stats

tstats

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

.conf24 | Personalize your .conf experience with Learning Paths!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...