Solved: Search that lists the configured indexes on a Splu...

Derek · ‎09-28-2010

Hi,

Is there a search that can return the list of indexes configured on a Splunk Indexer?

Or is the only way to look at the _internal index and work it out based on data that exists in that index from performance metrics etc..

Thanks!

gkanapathy · ‎09-30-2010

You can run | eventcount summarize=false index=* index=_*. This search actually runs distributed, but it does add a field splunk_server so you can sort or filter on that.

View solution in original post

gkanapathy · ‎09-30-2010

You can run | eventcount summarize=false index=* index=_*. This search actually runs distributed, but it does add a field splunk_server so you can sort or filter on that.

Simeon · ‎09-28-2010

If you have no more than 8 indexes, you can do the following:

index=_internal source=*metrics.log* per_index_thruput | stats count by series

The above search grabs indexing metrics from the internal logs. By default, Splunk will only track the top 10 indexes including the two internal ones (_internal and _audit). If you have more than 10 indexes, you can change the metrics logging limit.

Search that lists the configured indexes on a Splunk indexer?

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector

Adoption of Infrastructure Monitoring at Splunk