Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Recently cluster="*M5*-CLDB" changed this to cluster="*ML*-CLDB"

bmanikya
Loves-to-Learn Lots
‎09-19-2023 10:15 PM

Would like to run a scan on backend and look for "*M5*-CLDB" or any combination of M5 and CLDB. We have Splunk Distributed environment, indexer and search head clusters. Saved searches, lookups, Dashboards which needs to be modified due to the cluster name change. Could someone share your thoughts on the same.

Tags (1)
0 Karma
Reply

etoombs
Path Finder
‎09-20-2023 05:05 AM

You can start out doing this in Splunk. Expand on the configs you want to look for in the search below, and then after you've pulled all of the configs you care about from rest endpoints, run a search for the keyword you're looking for in it.   You can find a list of configuration files here: https://docs.splunk.com/Documentation/Splunk/9.1.1/Admin/Listofconfigurationfiles

| rest/services/configs/conf-macros
| eval config="macros"
| append
[| rest/services/configs/conf-lookups
| eval config="lookups"]
| append
[| rest/services/configs/conf-savedsearches
| eval config="searches"]

You can add in views and such using other endpoints, like | rest /services/data/ui/views

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...