Splunk Enterprise

Recently cluster="*M5*-CLDB" changed this to cluster="*ML*-CLDB"

bmanikya
Loves-to-Learn Everything

Would like to run a scan on the backend and look for "*M5*-CLDB" or any combination of M5 and CLDB. We have a Splunk distributed environment with indexer and search head clusters. Saved searches, lookups, and dashboards need to be modified due to the cluster name change. Could someone share their thoughts on this?

0 Karma

etoombs
Path Finder

You can start out doing this in Splunk. Expand on the configs you want to look for in the search below, and then after you've pulled all of the configs you care about from REST endpoints, run a search for the keyword you're looking for in it. You can find a list of configuration files here: https://docs.splunk.com/Documentation/Splunk/9.1.1/Admin/Listofconfigurationfiles

| rest /services/configs/conf-macros
| eval config="macros"
| append
[| rest /services/configs/conf-lookups
| eval config="lookups"]
| append
[| rest /services/configs/conf-savedsearches
| eval config="searches"]

You can add in views and such using other endpoints, like | rest /services/data/ui/views

0 Karma
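For the on-disk side of the question, an added example (not part of the thread and not Splunk tooling): a Python scan of a directory laid out like $SPLUNK_HOME/etc/apps that reports every .conf setting, dashboard XML line and lookup CSV row mentioning both M5 and CLDB in either order, with the stanza name for .conf hits. The sample tree, index name and cluster values built in `demo()` are constructed.

```python
import re
import tempfile
from pathlib import Path

# "Any combination of M5 and CLDB": both tokens in one setting, either order.
PATTERN = re.compile(r"M5.*CLDB|CLDB.*M5", re.IGNORECASE | re.DOTALL)
SUFFIXES = {".conf", ".xml", ".csv"}  # configs, dashboards, lookup tables

def logical_lines(text):
    """Yield (first_line_no, stanza, text), joining backslash-continued lines."""
    stanza, buf, start = "", [], 1
    for no, raw in enumerate(text.splitlines() + [""], 1):  # "" flushes the tail
        if not buf:
            start = no
        buf.append(raw.rstrip("\\"))
        if raw.endswith("\\"):
            continue  # multi-line value, e.g. a long saved search
        line, buf = "\n".join(buf), []
        if line.startswith("[") and line.rstrip().endswith("]"):
            stanza = line.strip()[1:-1]
        yield start, stanza, line

def scan(root):
    """Return sorted (relative_path, line_no, stanza) for every match under root."""
    hits = []
    for path in Path(root).rglob("*"):
        if not (path.is_file() and path.suffix in SUFFIXES):
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for no, stanza, line in logical_lines(text):
            if PATTERN.search(line):
                where = stanza if path.suffix == ".conf" else ""
                hits.append((path.relative_to(root).as_posix(), no, where))
    return sorted(hits)

def demo():
    """Scan a constructed app tree (not taken from a real deployment)."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp) / "apps" / "search"
        views = app / "local" / "data" / "ui" / "views"
        views.mkdir(parents=True)
        (app / "lookups").mkdir()
        (app / "local" / "savedsearches.conf").write_text(
            '[CLDB heartbeat]\nsearch = index=main \\\n  cluster="*M5*-CLDB"\n'
            '[Renamed already]\nsearch = index=main cluster="*ML*-CLDB"\n')
        (views / "cldb.xml").write_text(
            '<dashboard>\n<query>cluster="prod-m5-cldb"</query>\n</dashboard>\n')
        (app / "lookups" / "clusters.csv").write_text("cluster,owner\nCLDB-M5-east,ops\n")
        return scan(tmp)
```

Call `scan()` with the path to a real etc directory to list the files and stanzas that still carry the old cluster name; `demo()` only exercises it on the constructed tree.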