
What are the two ways to list indexes available in Splunk search head?

Motivator

Hi All,

I had two questions on Splunk.

1) How to list the index details available in Splunk search heads?
2) What are streaming and non-streaming commands, and how are they executed (in which scenarios are they used)?

Thanks in advance.

0 Karma

SplunkTrust

Are these exam questions?

---
If this reply helps you, an upvote would be appreciated.
0 Karma

Motivator

Hi richgalloway, it's an interview question which I was unable to answer, so could you guide me on the proper answer to this question?

Thanks.

0 Karma

Motivator

Hi guys, can anyone update me on this?

Regarding streaming and non-streaming commands, I got the below detail on how the commands are executed.

Streaming commands - operate on each event as it is returned by a search. Think of applying a "function/transformation" to each event and then writing out the result of that operation. An example of such a command might be a command that adds a field to each event.

Non-streaming commands - expect to have all the data before they operate on it. An example of a non-streaming command is the stats command, which will collect all the data before it can calculate the statistics.

Similarly, for the below question, let me know whether the answer to the question is correct or not!
1) How to list the index details available in Splunk search heads?

We can see the indexes configured in Splunk by logging into the Splunk web portal --> Settings --> Indexes.
By executing the splunk btool command from the search head instances to find the list of indexes available in the Splunk search head.

./splunk btool indexes list --debug | less

0 Karma

SplunkTrust

You can also use REST API endpoints (with the | rest command) to see which indexes have been created.
http://docs.splunk.com/Documentation/Splunk/6.2.6/RESTREF/RESTintrospect#data.2Findexes

| rest /services/data/indexes splunk_server=local
0 Karma

Communicator

Your splunk btool indexes list --debug just reflects what is in your indexes.conf files. This could fit the active indexes, but only after a restart of Splunk after changes to any of your indexes.conf files.

0 Karma
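
The gap the last reply describes (btool reads indexes.conf on disk, while the rest endpoint reports what the running instance knows), as an added example that is not part of the original thread: the script compares the two lists and prints indexes that are defined on disk but not reported as active. The btool and REST sample data, file paths and index names are constructed, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: all sample data is constructed, not real Splunk output.

# Constructed stand-in for: ./splunk btool indexes list --debug
# Each line is "<conf file that supplied it> <stanza header or setting>".
sample_btool() {
cat <<'EOF'
/opt/splunk/etc/system/default/indexes.conf     [default]
/opt/splunk/etc/system/default/indexes.conf     maxDataSize = auto
/opt/splunk/etc/system/default/indexes.conf     [main]
/opt/splunk/etc/system/default/indexes.conf     homePath = $SPLUNK_DB/defaultdb/db
/opt/splunk/etc/apps/sec_app/local/indexes.conf [volume:hot]
/opt/splunk/etc/apps/sec_app/local/indexes.conf path = /data/hot
/opt/splunk/etc/apps/sec_app/local/indexes.conf [firewall]
/opt/splunk/etc/apps/sec_app/local/indexes.conf homePath = volume:hot/firewall/db
/opt/splunk/etc/apps/sec_app/local/indexes.conf [proxy_new]
/opt/splunk/etc/apps/sec_app/local/indexes.conf homePath = volume:hot/proxy_new/db
EOF
}

# Constructed stand-in for the title field of:
#   | rest /services/data/indexes splunk_server=local
sample_rest() { printf '%s\n' main firewall; }

# Read btool --debug output on stdin, print index stanza names, sorted.
# [default] and stanzas with a colon (e.g. [volume:...]) are not indexes.
btool_indexes() {
  awk 'NF == 2 && $2 ~ /^\[.*\]$/ {
         n = substr($2, 2, length($2) - 2)
         if (n != "default" && n !~ /:/) print n
       }' | sort -u
}

# $1 = file of btool --debug output, $2 = file with one REST title per line.
# Prints indexes defined on disk that the running instance does not report.
not_active() {
  btool_indexes < "$1" | grep -vxF -f "$2" || true
}

tmp=$(mktemp -d)
sample_btool > "$tmp/btool.txt"
sample_rest > "$tmp/rest.txt"
echo "Defined in indexes.conf but not reported by REST:"
not_active "$tmp/btool.txt" "$tmp/rest.txt"
rm -rf "$tmp"
```

The first column of the `--debug` output also shows which indexes.conf file supplied each stanza, which helps when tracing where an unexpected index definition came from.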