Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

REST endpoint (or CLI command) for reliable list of ALL clustered indexes

st4ple
Path Finder
‎11-25-2019 09:34 AM

We are trying to automate the process of adding new indexes to an Indexer Cluster. For this reason, we would like to get a complete list of all currently deployed indexes in the Indexer Cluster (to prevent user's from ordering indexes that already exist).

We are aware of the /cluster/master/indexes Endpoint => https://docs.splunk.com/Documentation/SplunkCloud/8.0.0/RESTREF/RESTcluster#cluster.2Fmaster.2Findex..., however, this doesn't seem to return any empty indexes (see https://answers.splunk.com/answers/215818/clustered-indexes-not-showing-up-in-the-index-list.html and also the note here: https://docs.splunk.com/Documentation/Splunk/latest/Indexer/Howtomonitoracluster#Indexes_tab)

We absolutely need to also see the empty indexes!

We are also aware of the /services/data/indexes Endpoint, but from our perspective it's not visible there where the indexes are located and if they are part of the Indexer Cluster (or, for instance, just defined locally on a Search Head).

Which endpoint (or, if need be, which CLI command) should we use to get all current clustered Indexes?

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎11-25-2019 11:09 AM 
 splunk btool indexes list | grep \\[

On an indexer

Or you could pull the stanzas from the config endpoints.

Just remember for "| rest" to work across all servers, it will require port 8089 open to all servers from the searchhead AND the server has to be configured as a search peer. Usually the MC is setup with this in mind.

Reply

arjunpkishore5
Motivator
‎11-25-2019 10:45 AM

have you tried this ?

| rest /services/admin/indexes splunk_server=*

This is not available in the docs for some reason. I discovered this (a while back) when I visited https://myserver:8089/services/admin to see all the available endpoints for admin

0 Karma
Reply

gjanders
SplunkTrust
SplunkTrust
‎12-06-2019 08:54 PM

Try https://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTintrospect you are likely seeing an alias to the indexes endpoint

There is also indexes extended

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud
0 Karma
Reply
Get Updates on the Splunk Community!

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization uses ...