Knowledge Management

to list the tags pertaining to some name

piyush_annadate
New Member

I'm trying to search tags created as "tag::source".

This returns data: "tag::source"=$hostlabel$_* | stats count by "tag::source" ,but that returns like each count goes more than 100 and even in 10k+which will eventually lie down slow to searching/populating result.

I just needs to list the "tag::source"=$hostlabel$_* which could be "tag::source"=JIRA* (example).
wherein I'll limit the count to max 10

tag::source....... count
JIRA_A............... 10
JIRA_B............... 8
JIRA_C................ 10 (without limit this results more than 10k)

Tags (2)
0 Karma

jkat54
SplunkTrust
SplunkTrust
 "tag::source"=$hostlabel$_* | dedup "tag::source" | head 10 | table "tag::source"

Or maybe you're looking for this

 "tag::source"=$hostlabel$_* | dedup "tag::source" | table "tag::source"
0 Karma

somesoni2
SplunkTrust
SplunkTrust

If you're just trying list all the tags defined for field source, you can use the Splunk REST API endpoint for tags.

| rest /servicesNS/admin/search/search/fields/host/tags
0 Karma

piyush_annadate
New Member

thanks for the reply .
tried that.. will that be possible to fire from the search itself.
Working on: Made some tags and one of the tag search for files abc.log* as there are file with abc.log.2017-01-01 and other so the exact file abc.log doesn't get listed under tag related to that host.

When I ran | rest /services/search/tags query I got the data but not my tag which where created. Which sevices/rest to call?
I have tags like "tag::source"=JIRA_ACCESS_LOGS

I would like to have tag that matched XYZ_*.

0 Karma

somesoni2
SplunkTrust
SplunkTrust

Try one of these REST Endpoints

 | rest /servicesNS/-/-/search/fields/host/tags

 | rest /servicesNS/-/-/search/tags
0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Using the Splunk Threat Research Team’s Latest Security Content

REGISTER HERE Tech Talk | Security Edition Did you know the Splunk Threat Research Team regularly releases ...

SplunkTrust | 2024 SplunkTrust Application Period is Open!

It's that time again, folks! That's right, the application/nomination period for the 2024 SplunkTrust is ...