Solved: Re: How to list all the saved searches, macros, ta...

pavanae · ‎03-15-2017

Is there any way to list out all the saved searches, macros, tags,etc which have a source=ABC in a search?

Is there any search where i can list them?

Or what could be the grep command to check in the backend Linux environment?

woodcock · ‎03-15-2017

Like this in the OS:

find $SPLUNK_HOME/etc -name "*.conf" -exec egrep -l "source=ABC|source = ABC|source= ABC|source =ABC" {} \;

View solution in original post

woodcock · ‎03-15-2017

Like this in the OS:

find $SPLUNK_HOME/etc -name "*.conf" -exec egrep -l "source=ABC|source = ABC|source= ABC|source =ABC" {} \;

pavanae · ‎03-17-2017

Thank you for the Answer. What if i am not sure about the source field. I mean it could be renamed with some other names. Then How can i check there If I am not exactly sure about the name of the source field?

woodcock · ‎03-17-2017

Just use "=ABC|= ABC" instead.

How to list all the saved searches, macros, tags which contains a source=ABC?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms