Splunk Cloud Platform
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to determine which logs are being utilized for specific dashboards, use-cases, or other metrics Splunk Cloud ES?

AL3Z
Builder
‎05-11-2023 01:21 AM

Hi,
How to determine which logs are being utilized for specific dashboards, use-cases, or other metrics in your Splunk Cloud ES?

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎05-12-2023 05:48 AM

There isn't a one-click answer to this question.  Each dashboard or use-case will have to be researched separately.

Simply put, run the base search (everything before the first pipe) and append | stats count by source.  That will produce a list of sources used by that search/use-case.

If the search contains subsearches (via join or append commands then combine the base searches of each subsearch with the base search of the main search using append.

<<base search>>
| append [ <<text before first pipe of subsearch1>>]
| append [ <<text before first pipe of subsearch2>>]
| stats count by source

This method doesn't apply to searches that start with a generating command (tstats, dbxquery, inputlookup, etc.).

Be aware that some sources change names every day.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...
Top