Solved: How to restrict btool stanzas without wildcards?

jason0 · ‎01-04-2023

Hello,

I am using splunk 9.0.0.1, and running btool to list out my index settings. The trouble is I only want one stanza, but btool treats the stanza as a wildcard.

splunk btool --debug indexes list cisco

I get all stanza's with "cisco" in them (there are 51 of them, including "index=cisco"). how do restrict this? I only want the "cisco" index.

--jason

goncalocoelho · ‎01-09-2023

Hi,

Have you tried btool command with grep? Something like this...

splunk btool --debug indexes list | grep -A 10 "[cisco]"

-A flag will show you N lines after the string your are looking for

---
If this reply helps you, Karma would be appreciated.

View solution in original post

jason0 · ‎02-15-2023

I admit, I had hoped there was a way to do it within btool itself, but grep is always an option...

goncalocoelho · ‎01-09-2023

Hi,

Have you tried btool command with grep? Something like this...

splunk btool --debug indexes list | grep -A 10 "[cisco]"

-A flag will show you N lines after the string your are looking for

---
If this reply helps you, Karma would be appreciated.

How to restrict btool stanzas without wildcards?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

May 2026 Splunk Expert Sessions: Security & Observability

Join the Conversation