Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

REST endpoint (or CLI command) for reliable list of ALL clustered indexes

st4ple
Path Finder
‎11-25-2019 09:34 AM

We are trying to automate the process of adding new indexes to an Indexer Cluster. For this reason, we would like to get a complete list of all currently deployed indexes in the Indexer Cluster (to prevent user's from ordering indexes that already exist).

We are aware of the /cluster/master/indexes Endpoint => https://docs.splunk.com/Documentation/SplunkCloud/8.0.0/RESTREF/RESTcluster#cluster.2Fmaster.2Findex..., however, this doesn't seem to return any empty indexes (see https://answers.splunk.com/answers/215818/clustered-indexes-not-showing-up-in-the-index-list.html and also the note here: https://docs.splunk.com/Documentation/Splunk/latest/Indexer/Howtomonitoracluster#Indexes_tab)

We absolutely need to also see the empty indexes!

We are also aware of the /services/data/indexes Endpoint, but from our perspective it's not visible there where the indexes are located and if they are part of the Indexer Cluster (or, for instance, just defined locally on a Search Head).

Which endpoint (or, if need be, which CLI command) should we use to get all current clustered Indexes?

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎11-25-2019 11:09 AM 
 splunk btool indexes list | grep \\[

On an indexer

Or you could pull the stanzas from the config endpoints.

Just remember for "| rest" to work across all servers, it will require port 8089 open to all servers from the searchhead AND the server has to be configured as a search peer. Usually the MC is setup with this in mind.

Reply

arjunpkishore5
Motivator
‎11-25-2019 10:45 AM

have you tried this ?

| rest /services/admin/indexes splunk_server=*

This is not available in the docs for some reason. I discovered this (a while back) when I visited https://myserver:8089/services/admin to see all the available endpoints for admin

0 Karma
Reply

gjanders
SplunkTrust
SplunkTrust
‎12-06-2019 08:54 PM

Try https://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTintrospect you are likely seeing an alias to the indexes endpoint

There is also indexes extended

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud
0 Karma
Reply
Get Updates on the Splunk Community!

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...