Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Recently cluster="*M5*-CLDB" changed this to cluster="*ML*-CLDB"

bmanikya
Loves-to-Learn Everything
‎09-19-2023 10:15 PM

Would like to run a scan on backend and look for "*M5*-CLDB" or any combination of M5 and CLDB. We have Splunk Distributed environment, indexer and search head clusters. Saved searches, lookups, Dashboards which needs to be modified due to the cluster name change. Could someone share your thoughts on the same.

Tags (1)
0 Karma
Reply

etoombs
Path Finder
‎09-20-2023 05:05 AM

You can start out doing this in Splunk. Expand on the configs you want to look for in the search below, and then after you've pulled all of the configs you care about from rest endpoints, run a search for the keyword you're looking for in it.   You can find a list of configuration files here: https://docs.splunk.com/Documentation/Splunk/9.1.1/Admin/Listofconfigurationfiles

| rest/services/configs/conf-macros
| eval config="macros"
| append
[| rest/services/configs/conf-lookups
| eval config="lookups"]
| append
[| rest/services/configs/conf-savedsearches
| eval config="searches"]

You can add in views and such using other endpoints, like | rest /services/data/ui/views

0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...