Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How do I find the queries & searches an App makes in ES or Splunk Enterprise? Thank u in advance for any help.

SamHTexas
Builder
‎08-04-2021 07:36 AM

In order to administer ES better am trying to find the queries, searches an app makes in addition to what data models it uses. Thank u for your help in advance.

Labels (1)
Labels
Tags (1)
0 Karma
Reply

codebuilder
Influencer
‎08-04-2021 02:51 PM

Searches are at: $SPLUNK_HOME/etc/apps/your_app_name/default/savedsearches.conf
Datamodels are at: $SPLUNK_HOME/etc/apps/your_app_name/default/datamodels.conf

You may also find one or both in the local directory, depending on if either is changed/customized.

There are also REST endpoints you can query for more info on scheduled/saved searchs:

| rest /servicesNS/-/your_app_name/saved/searches

| rest /servicesNS/your_user_name/your_app_name/saved/searches

----
An upvote would be appreciated and Accept Solution if it helps!
Reply
Get Updates on the Splunk Community!

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...