Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to find a index are used in reports, alerts and dashboards?

susinkumar
Engager
‎02-08-2024 12:22 AM

It there any best way to find if an index used in any of the saved searches, alerts, reports and dashboard

Labels (1)
Labels
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎02-08-2024 11:51 AM
Hi
An old answer https://community.splunk.com/t5/Splunk-Search/How-to-find-which-indexes-are-used/m-p/674463 which answer to your questions too.
r. Ismo
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎02-08-2024 01:03 AM

There is no simple answer to this. You can use the ReST interface to find all the views (dashboards) and look through the code to find the searches, but even then, indexes may be obfuscated through the use of macros, etc. Having found dashboards with definitions that reference indexes, you might want to check whether anyone actually uses the dashboards. Same gores for reports, alerts, etc.

Perhaps you need to narrow down your question. Are you interested in whether a particular index is used? What is your ultimate aim?

0 Karma
Reply

susinkumar
Engager
‎02-16-2024 03:50 AM

Yes, I need to check if a particular index is used in any TA.

 

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎02-16-2024 07:20 AM
As it has said earlier you couldn't get 100% sure answer for this. You should look those old answers to see what you could try to get some answers.
0 Karma
Reply

bwheelerice
Engager
‎07-12-2024 11:03 AM

I have similar issue. The data we had coming into one of our indexes, has now switched to a different format and slightly different field/value pairs. Now I am tasked with finding, where this index/data is being used in lookups, reports, alerts, etc.... So we can change the SPL To match the new data. 

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
Top