Splunk Enterprise

Recently cluster="*M5*-CLDB" changed this to cluster="*ML*-CLDB"

bmanikya
Loves-to-Learn Everything

I would like to run a scan on the backend and look for "*M5*-CLDB" or any combination of M5 and CLDB. We have a Splunk distributed environment with indexer and search head clusters. There are saved searches, lookups, and dashboards which need to be modified due to the cluster name change. Could someone share their thoughts on the same?

0 Karma

etoombs
Path Finder

You can start out doing this in Splunk. Expand on the configs you want to look for in the search below, and then after you've pulled all of the configs you care about from REST endpoints, run a search for the keyword you're looking for in it. You can find a list of configuration files here: https://docs.splunk.com/Documentation/Splunk/9.1.1/Admin/Listofconfigurationfiles

| rest /services/configs/conf-macros
| eval config="macros"
| append
    [| rest /services/configs/conf-lookups
    | eval config="lookups"]
| append
    [| rest /services/configs/conf-savedsearches
    | eval config="searches"]

You can add in views and such using other endpoints, like | rest /services/data/ui/views

0 Karma
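For the on-disk ("backend") scan the question asks about, the following is an added example, not code from this thread. It assumes the Splunk configuration tree (for example `$SPLUNK_HOME/etc`) is passed as the first argument; the function name `scan_cluster_refs` is hypothetical. It reports file, line number, and the enclosing `.conf` stanza for every line containing M5 and CLDB in either order.

```shell
#!/bin/sh
# Added example: scan Splunk config files on disk for the old cluster name.
# Usage (path is an assumption): sh scan.sh "$SPLUNK_HOME/etc"

# Matches M5 and CLDB in either order on one line, e.g. cluster="*M5*-CLDB".
PATTERN='M5.*CLDB|CLDB.*M5'

# Prints one line per hit: <file>:<line number>:<stanza or ->:<matching text>
scan_cluster_refs() {
    root=$1
    # .conf covers saved searches, macros and lookup definitions,
    # .xml covers dashboards (views), .csv covers lookup table files.
    find "$root" -type f \( -name '*.conf' -o -name '*.xml' -o -name '*.csv' \) \
        -exec awk -v pat="$PATTERN" '
            # First line of each file: forget the stanza of the previous file.
            FNR == 1 { stanza = "-" }
            # In .conf files, remember the most recent [stanza] header.
            FILENAME ~ /\.conf$/ && /^\[.*\]/ { stanza = $0 }
            # Report every line that still references the old name.
            $0 ~ pat { printf "%s:%d:%s:%s\n", FILENAME, FNR, stanza, $0 }
        ' {} +
}

# Run directly when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    scan_cluster_refs "$1"
fi
```

In a distributed deployment, run it on each instance that holds its own copy of the configuration, since each node only sees its local files.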