Solved: Re: How to restrict btool stanzas without wildcard...

jason0 · ‎01-04-2023

Hello,

I am using splunk 9.0.0.1, and running btool to list out my index settings. The trouble is I only want one stanza, but btool treats the stanza as a wildcard.

splunk btool --debug indexes list cisco

I get all stanza's with "cisco" in them (there are 51 of them, including "index=cisco"). how do restrict this? I only want the "cisco" index.

--jason

goncalocoelho · ‎01-09-2023

Hi,

Have you tried btool command with grep? Something like this...

splunk btool --debug indexes list | grep -A 10 "[cisco]"

-A flag will show you N lines after the string your are looking for

---
If this reply helps you, Karma would be appreciated.

View solution in original post

jason0 · ‎02-15-2023

I admit, I had hoped there was a way to do it within btool itself, but grep is always an option...

goncalocoelho · ‎01-09-2023

Hi,

Have you tried btool command with grep? Something like this...

splunk btool --debug indexes list | grep -A 10 "[cisco]"

-A flag will show you N lines after the string your are looking for

---
If this reply helps you, Karma would be appreciated.

How to restrict btool stanzas without wildcards?

New This Month - Splunk Observability updates and improvements for faster ...

What's New in Splunk Cloud Platform 9.3.2411?

Buttercup Games: Further Dashboarding Techniques (Part 6)