- Splunk Answers
- :
- Splunk Administration
- :
- Security
- :
- Re: How can I display the current users metric ind...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
We created a new app, which is configured as the default app for most of the users.
The app contains a default view, which lists all splunk indexes including the metric indexes.
For each index, there is a column which indicates, if the current user has access permissions for the corresponding index.
Our method to list all indexes with access permissions for the current user is:
| eventcount summarize=false index=*
However, this method doesn't work for the new indextype metric.
How can I list all the indexes, which the currently logged in user has access to?
The list should include the indexes searched by default and also the indexes which must be specified explicitly.
Thanks!
- Lorenz
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
In case of metrics this does what you want:
| mstats count(_value) where index=someMetricsIndex AND metric_name=*
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
In case of metrics this does what you want:
| mstats count(_value) where index=someMetricsIndex AND metric_name=*
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
your SPL-Statement will show all the metrics in one index.
What i want:
- List all metric indexes which exists
- List all metric indexes which the currently logged in user has access to
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OK. And what about this?
| mstats count(_value) where index=* AND metric_name=* by index
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is working as expected.
Thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try this "| eventcount summarize=false index=* | dedup index | fields index"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This doesn't show any metric indexes.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I don't get it, with the above, all you do is counting every index that 'summarize' is false?
What I would do is something like:
index=* | dedup index | table index
Can you give other example or something?
What is the name of that column?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In the world of event indexes, your example with
index=* | dedup index | table index
will work. It is just ways slower than my solution above.
With the new metric indexes in Splunk 7.x, i don't know how to archive the same result.
So again my question:
How can I list all metric indexes, which the currently logged in user has access to?
Routing logs with Splunk OTel Collector for Kubernetes
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
