All Apps and Add-ons

list of fields used in a view,search

Mohsin123
Path Finder

Hi,

I want to extract list of all the views,searches, dashboards that use a particular index, say , idx_abc and the fields used in them all.

List of views and searches part is done (open for suggestions) :

List of searches :

| rest timeout=600 splunk_server=local /servicesNS/-/-/saved/searches|eval scheduled=if(is_scheduled=1,"yes","no")|where like(search,"%idx_abc%")|table title search scheduled

List of views :

| rest /servicesNS/-/-/data/ui/views splunk_server=*|rename eai:data as data|where like (data,"%idx_abc%")|table label, data

How to get list of fields used ???

Also , there might be eventtypes and macros making use of idx_abc (though i have checked manually at UI) . Still any idea of a query ?

Thanks,
Shraddha

0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

To find eventtypes using a given index, try |rest /services/saved/eventtypes | where like(search,"%idx_abc%").
I'm not aware of a command that retrieves macro definitions.
Getting a list of fields is a problem. Not only is there not a command to do so, every search can create its own fields so any command output would be incomplete.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma

richgalloway
SplunkTrust
SplunkTrust

To find eventtypes using a given index, try |rest /services/saved/eventtypes | where like(search,"%idx_abc%").
I'm not aware of a command that retrieves macro definitions.
Getting a list of fields is a problem. Not only is there not a command to do so, every search can create its own fields so any command output would be incomplete.

---
If this reply helps you, Karma would be appreciated.
0 Karma

Mohsin123
Path Finder

Thanks,
finding macros:

|rest splunk_server=* /servicesNS/-/-/admin/macros|where like(definition,"%idx_abc%")

0 Karma
Get Updates on the Splunk Community!

Using Machine Learning for Hunting Security Threats

REGISTER NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more ...

Security Highlights | November 2022 Newsletter

 November 2022 2022 Gartner Magic Quadrant for SIEM: Splunk Named a Leader for the 9th Year in a RowSplunk is ...

Platform Highlights | November 2022 Newsletter

 November 2022 Skill Up on Splunk with our New Builder Tech Talk SeriesCan you build it? Yes you can! *play ...