Splunk Search

How to list all the saved searches, macros, tags which contain a source=ABC?

pavanae
Builder

Is there any way to list out all the saved searches, macros, tags, etc. which have a source=ABC in a search?

Is there any search where I can list them?

Or what could be the grep command to check in the backend Linux environment?

0 Karma
1 Solution

woodcock
Esteemed Legend

Like this in the OS:

find $SPLUNK_HOME/etc -name "*.conf" -exec egrep -l "source=ABC|source = ABC|source= ABC|source =ABC" {} \;


0 Karma

pavanae
Builder

Thank you for the answer. What if I am not sure about the source field? I mean it could be renamed with some other name. Then how can I check there if I am not exactly sure about the name of the source field?

0 Karma

woodcock
Esteemed Legend

Just use "=ABC|= ABC" instead.

0 Karma
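
A stanza-aware variant of the find/grep approach in the answers above, added here as an example and not part of the original thread: instead of only listing files, it reports which stanza (saved search, macro, tag) contains the match, and the field name can be left out when it is unknown. The names `find_stanzas` and `make_sample` are hypothetical, the sample .conf files are constructed, and the optional opening quote and comment skipping are additions beyond the patterns given in the answers.

```sh
#!/bin/sh
# find_stanzas DIR VALUE [FIELD] -> prints "file: [stanza]" once per matching stanza.
# FIELD is optional; omit it when the field name is unknown ("=ABC|= ABC" case).
# VALUE and FIELD are used as regex text. Needs find -print0, sort -z, xargs -0 -r.
find_stanzas() (
    dir=$1 value=$2 field=${3:-}
    # Optional blanks around "=" and an optional opening double quote.
    pat="${field}[ \t]*=[ \t]*\"?${value}"
    find "$dir" -type f -name '*.conf' -print0 | sort -z |
    xargs -0 -r awk -v pat="$pat" '
        FNR == 1         { stanza = "[no stanza]"; hit = "" }  # new file
        /^[ \t]*#/       { next }                              # skip comment lines
        /^\[.*\][ \t]*$/ { stanza = $0; sub(/[ \t]+$/, "", stanza); next }
        $0 ~ pat && hit != stanza { print FILENAME ": " stanza; hit = stanza }
    '
)

# Constructed sample tree (not taken from a real deployment).
make_sample() (
    app=$1/apps/demo/local
    mkdir -p "$app"
    cat > "$app/savedsearches.conf" <<'EOF'
[Errors from ABC]
search = index=main source = ABC \
    | stats count by host

[Unrelated report]
search = index=main source=XYZ | stats count
EOF
    cat > "$app/macros.conf" <<'EOF'
[abc_events]
definition = index=main src_file="ABC" sourcetype=syslog
# source=ABC in a comment is ignored
[other_macro]
definition = index=main source=DEF
EOF
)

demo=$(mktemp -d) && make_sample "$demo"
find_stanzas "$demo" ABC source   # field name known: the saved search only
find_stanzas "$demo" ABC          # field name unknown: saved search and macro
rm -rf "$demo"
```

Against a real installation the first argument would be `$SPLUNK_HOME/etc`, as in the answer above.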