All Apps and Add-ons

list of fields used in a view,search

Mohsin123
Path Finder

Hi,

I want to extract list of all the views,searches, dashboards that use a particular index, say , idx_abc and the fields used in them all.

List of views and searches part is done (open for suggestions) :

List of searches :

| rest timeout=600 splunk_server=local /servicesNS/-/-/saved/searches|eval scheduled=if(is_scheduled=1,"yes","no")|where like(search,"%idx_abc%")|table title search scheduled

List of views :

| rest /servicesNS/-/-/data/ui/views splunk_server=*|rename eai:data as data|where like (data,"%idx_abc%")|table label, data

How to get list of fields used ???

Also , there might be eventtypes and macros making use of idx_abc (though i have checked manually at UI) . Still any idea of a query ?

Thanks,
Shraddha

0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

To find eventtypes using a given index, try |rest /services/saved/eventtypes | where like(search,"%idx_abc%").
I'm not aware of a command that retrieves macro definitions.
Getting a list of fields is a problem. Not only is there not a command to do so, every search can create its own fields so any command output would be incomplete.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma

richgalloway
SplunkTrust
SplunkTrust

To find eventtypes using a given index, try |rest /services/saved/eventtypes | where like(search,"%idx_abc%").
I'm not aware of a command that retrieves macro definitions.
Getting a list of fields is a problem. Not only is there not a command to do so, every search can create its own fields so any command output would be incomplete.

---
If this reply helps you, Karma would be appreciated.
0 Karma

Mohsin123
Path Finder

Thanks,
finding macros:

|rest splunk_server=* /servicesNS/-/-/admin/macros|where like(definition,"%idx_abc%")

0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...