Splunk Search

How to list all the saved searches, macros, tags which contain a source=ABC?

Builder

Is there any way to list out all the saved searches, macros, tags, etc. which have a source=ABC in a search?

Is there any search where I can list them?

Or what could be the grep command to check in the backend Linux environment?


Esteemed Legend

Like this in the OS:

find $SPLUNK_HOME/etc -name "*.conf" -exec egrep -l "source=ABC|source = ABC|source= ABC|source =ABC" {} \;


Builder

Thank you for the answer. What if I am not sure about the source field? I mean it could be renamed with some other names. Then how can I check there if I am not exactly sure about the name of the source field?


Esteemed Legend

Just use "=ABC|= ABC" instead.

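The `find`/`egrep -l` answer above lists only file names. As an added example (not part of the original thread), this sketch also reports the stanza, that is, which saved search, macro or tag each match sits in, and accepts an empty field name for the "=ABC" case from the follow-up. The function names, output format and sample tree are constructed for illustration.

```shell
#!/bin/sh
# find_source_refs DIR VALUE [FIELD]   (hypothetical helper, not a Splunk tool)
# Prints "file<TAB>[stanza]<TAB>line" for every .conf line under DIR that
# assigns VALUE to FIELD (default: source; pass "" to match any field name).
find_source_refs() {
    dir=$1 value=$2 field=${3-source}
    find "$dir" -type f -name '*.conf' -exec awk -v pat="$field=$value" '
        FNR == 1 { stanza = "(none)"; cont = 0 }
        {
            was_cont = cont
            cont = ($0 ~ /\\$/)            # value continues on the next line
            # A "[" that opens a continuation line is a subsearch, not a stanza.
            if (!was_cont && $0 ~ /^\[/) { stanza = $0; next }
            if (!was_cont && $0 ~ /^[ \t]*#/) next      # comment line
            norm = $0
            gsub(/[ \t]*=[ \t]*/, "=", norm)   # "source = ABC" -> "source=ABC"
            if (index(norm, pat)) printf "%s\t%s\t%s\n", FILENAME, stanza, $0
        }' {} +
}

# Constructed sample tree (not from a real deployment) for trying the function.
make_sample_etc() {
    d=$(mktemp -d) && mkdir -p "$d/apps/search/local" || return 1
    cat > "$d/apps/search/local/savedsearches.conf" <<'EOF'
[Failed logins]
search = index=main source = ABC action=failure \
[search index=lookup source=ABC | fields user]
[Unrelated report]
search = index=main source=XYZ
EOF
    cat > "$d/apps/search/local/macros.conf" <<'EOF'
[abc_events]
definition = src_file=ABC
EOF
    printf '%s\n' "$d"
}
```

Run it as `find_source_refs "$SPLUNK_HOME/etc" ABC`, or with a third argument of `""` when the field name is unknown.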