Splunk Dev

How to show enabled or disabled number of saved searches w.r.t. hosts irrespective of time range?

jhantuSplunk
New Member

to show enabled or disabled number of saved searches w.r.t. hosts irrespective of time range in Splunk?

Tags (1)
0 Karma

jconger
Splunk Employee
Splunk Employee

This search may be what you want:

| rest /services/saved/searches | table title disabled splunk_server search

alt text

jhantuSplunk
New Member

I want do this by using index not rest

0 Karma

jconger
Splunk Employee
Splunk Employee

I'm not quite sure what you mean when you state "...using index...". Data about saved searches is not kept in an index. The search I posted above will give you information about saved searches though. I added a screenshot to the original answer to see an example.

0 Karma

vya9836
New Member

How do i need to get a report created on search head for the network/modular inputs which are created on a Heavy Forwarder using rest Api command.

0 Karma

vya9836
New Member

How do i need to get a report created on search head for the network/modular inputs which are created on a Heavy Forwarder using rest Api command.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...