Getting Data In

REST endpoint (or CLI command) for reliable list of ALL clustered indexes

st4ple
Path Finder

We are trying to automate the process of adding new indexes to an Indexer Cluster. For this reason, we would like to get a complete list of all currently deployed indexes in the Indexer Cluster (to prevent user's from ordering indexes that already exist).

We are aware of the /cluster/master/indexes Endpoint => https://docs.splunk.com/Documentation/SplunkCloud/8.0.0/RESTREF/RESTcluster#cluster.2Fmaster.2Findex..., however, this doesn't seem to return any empty indexes (see https://answers.splunk.com/answers/215818/clustered-indexes-not-showing-up-in-the-index-list.html and also the note here: https://docs.splunk.com/Documentation/Splunk/latest/Indexer/Howtomonitoracluster#Indexes_tab)

We absolutely need to also see the empty indexes!

We are also aware of the /services/data/indexes Endpoint, but from our perspective it's not visible there where the indexes are located and if they are part of the Indexer Cluster (or, for instance, just defined locally on a Search Head).

Which endpoint (or, if need be, which CLI command) should we use to get all current clustered Indexes?

0 Karma

jkat54
SplunkTrust
SplunkTrust
 splunk btool indexes list | grep \\[

On an indexer

Or you could pull the stanzas from the config endpoints.

Just remember for "| rest" to work across all servers, it will require port 8089 open to all servers from the searchhead AND the server has to be configured as a search peer. Usually the MC is setup with this in mind.

arjunpkishore5
Motivator

have you tried this ?

| rest /services/admin/indexes splunk_server=*

This is not available in the docs for some reason. I discovered this (a while back) when I visited https://myserver:8089/services/admin to see all the available endpoints for admin

0 Karma

gjanders
SplunkTrust
SplunkTrust
0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...