Re: How to find a index are used in reports, alert...

susinkumar · ‎02-08-2024

It there any best way to find if an index used in any of the saved searches, alerts, reports and dashboard

isoutamo · ‎02-08-2024

Hi
An old answer https://community.splunk.com/t5/Splunk-Search/How-to-find-which-indexes-are-used/m-p/674463 which answer to your questions too.
r. Ismo

ITWhisperer · ‎02-08-2024

There is no simple answer to this. You can use the ReST interface to find all the views (dashboards) and look through the code to find the searches, but even then, indexes may be obfuscated through the use of macros, etc. Having found dashboards with definitions that reference indexes, you might want to check whether anyone actually uses the dashboards. Same gores for reports, alerts, etc.

Perhaps you need to narrow down your question. Are you interested in whether a particular index is used? What is your ultimate aim?

susinkumar · ‎02-16-2024

Yes, I need to check if a particular index is used in any TA.

isoutamo · ‎02-16-2024

As it has said earlier you couldn't get 100% sure answer for this. You should look those old answers to see what you could try to get some answers.

bwheelerice · ‎07-12-2024

I have similar issue. The data we had coming into one of our indexes, has now switched to a different format and slightly different field/value pairs. Now I am tasked with finding, where this index/data is being used in lookups, reports, alerts, etc.... So we can change the SPL To match the new data.

How to find a index are used in reports, alerts and dashboards?

table

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services