https://community.splunk.com/t5/Splunk-Search/Searches/m-p/689222#M234886 <P>you could try:<BR /><BR /></P> <LI-CODE lang="markup">index=* | stats values(sourcetype) as sourcetype by index | table index, sourcetype </LI-CODE> <P><BR />this will provide all sourcetypes associated to their index, based on the timeframe given and if they contain event logs during that time frame.&nbsp;</P> Fri, 31 May 2024 17:11:59 GMT antoniolamonica 2024-05-31T17:11:59Z https://community.splunk.com/t5/Splunk-Search/Searches/m-p/688901#M234815 <P>what command can i run if am not sure where an index for a data associated with a sourcetype is stored in splunk</P> Tue, 28 May 2024 15:37:11 GMT https://community.splunk.com/t5/Splunk-Search/Searches/m-p/688901#M234815 whitecat001 2024-05-28T15:37:11Z https://community.splunk.com/t5/Splunk-Search/Searches/m-p/688902#M234816 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/264928">@whitecat001</a>,</P><P>you could try:</P><LI-CODE lang="markup">index=* sourcetype=your_sourcetype</LI-CODE><P>in this way you can know which is the index.</P><P>Ciao.</P><P>Giuseppe</P> Tue, 28 May 2024 15:41:14 GMT https://community.splunk.com/t5/Splunk-Search/Searches/m-p/688902#M234816 gcusello 2024-05-28T15:41:14Z https://community.splunk.com/t5/Splunk-Search/Searches/m-p/688903#M234817 <LI-CODE lang="markup">| tstats count where index=* by index, sourcetype</LI-CODE> Tue, 28 May 2024 15:42:36 GMT https://community.splunk.com/t5/Splunk-Search/Searches/m-p/688903#M234817 deepakc 2024-05-28T15:42:36Z https://community.splunk.com/t5/Splunk-Search/Searches/m-p/688904#M234818 <P>thank you</P> Tue, 28 May 2024 15:43:30 GMT https://community.splunk.com/t5/Splunk-Search/Searches/m-p/688904#M234818 whitecat001 2024-05-28T15:43:30Z https://community.splunk.com/t5/Splunk-Search/Searches/m-p/689222#M234886 <P>you could try:<BR /><BR /></P> <LI-CODE lang="markup">index=* | stats values(sourcetype) as sourcetype by index | table index, sourcetype </LI-CODE> <P><BR />this will provide all sourcetypes associated to their index, based on the timeframe given and if they contain event logs during that time frame.&nbsp;</P> Fri, 31 May 2024 17:11:59 GMT https://community.splunk.com/t5/Splunk-Search/Searches/m-p/689222#M234886 antoniolamonica 2024-05-31T17:11:59Z https://community.splunk.com/t5/Splunk-Search/Searches/m-p/689230#M234889 <P><SPAN>there are several queries :<BR />for example sourcetype=Sample_sourcetype :&nbsp;<BR />1-<BR /></SPAN></P> <LI-CODE lang="markup">| metadata type=sourcetypes | search sourcetype=Sample_sourcetype | table index, sourcetype </LI-CODE> <P><SPAN><BR />2-<BR /></SPAN></P> <LI-CODE lang="markup">| tstats count where sourcetype=Sample_sourcetype by index | table index</LI-CODE> <P><SPAN>&nbsp;</SPAN></P> Fri, 31 May 2024 17:13:36 GMT https://community.splunk.com/t5/Splunk-Search/Searches/m-p/689230#M234889 marysan 2024-05-31T17:13:36Z