Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to find a index are used in reports, alerts and dashboards?

susinkumar
Engager
‎02-08-2024 12:22 AM

It there any best way to find if an index used in any of the saved searches, alerts, reports and dashboard

Labels (1)
Labels
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎02-08-2024 11:51 AM
Hi
An old answer https://community.splunk.com/t5/Splunk-Search/How-to-find-which-indexes-are-used/m-p/674463 which answer to your questions too.
r. Ismo
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎02-08-2024 01:03 AM

There is no simple answer to this. You can use the ReST interface to find all the views (dashboards) and look through the code to find the searches, but even then, indexes may be obfuscated through the use of macros, etc. Having found dashboards with definitions that reference indexes, you might want to check whether anyone actually uses the dashboards. Same gores for reports, alerts, etc.

Perhaps you need to narrow down your question. Are you interested in whether a particular index is used? What is your ultimate aim?

0 Karma
Reply

susinkumar
Engager
‎02-16-2024 03:50 AM

Yes, I need to check if a particular index is used in any TA.

 

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎02-16-2024 07:20 AM
As it has said earlier you couldn't get 100% sure answer for this. You should look those old answers to see what you could try to get some answers.
0 Karma
Reply

bwheelerice
Engager
‎07-12-2024 11:03 AM

I have similar issue. The data we had coming into one of our indexes, has now switched to a different format and slightly different field/value pairs. Now I am tasked with finding, where this index/data is being used in lookups, reports, alerts, etc.... So we can change the SPL To match the new data. 

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | What did the zero say to the eight?

June 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this month’s ...

Splunk Observability Cloud's AI Assistant in Action Series: Onboarding New Hires & ...

This is the fifth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Now Playing: Splunk Education Summer Learning Premieres

It’s premiere season, and Splunk Education is rolling out new releases you won’t want to miss. Whether you’re ...
Top