Monitoring Splunk

Which knowledge objects correspond to a specific input?

Wynd
Engager

Hi,

I recently started working at a new firm to monitor and manage Splunk for them. The issue I'm encountering is that I want to have a thorough understanding of their deployment, so I'm trying to see where some of their DBX inputs are being used. To avoid confusion as to what I'm trying to do, let me give an example. Let's say I have an input in DB Connect (we'll call it Input_A); The data ingested via Input_A is used by an unknown number of Alerts, an unknown number of dashboards and an unkown number of reports. Is there some way that I can find out how many alerts/dashboards/reports etc. use the data originating from Input_A as well as the names of those alerts/dashboards/reports etc. ? I'm still relatively inexperienced, so perhaps my question will have a simple solution that I'm just not seeing (I'm hoping that the solution is more efficient that looking at the hundreds of alerts/dashobards/reports we have one by one)

 

Thank you!

Labels (1)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

That's not an easy thing to do.  The DBX inputs should have a sourcetype assigned to them so you may be able to match the sourcetype(s) to the KOs that use them.  That's easier said than done, however, because the reference to the sourcetype could be an explicit sourcetype=foo or it could be in a macro or an eventtype or a datamodel.  And then there will be those KOs that don't use a sourcetype at all.

---
If this reply helps you, Karma would be appreciated.
Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

For the past four years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...

Data-Driven Success: Splunk & Financial Services

Splunk streamlines the process of extracting insights from large volumes of data. In this fast-paced world, ...