Found the answer to getting all lookup files in use on a dashboard, report or alert. Looking for a way to tell if one specific lookup file is being used.
Thank you,
You can use the REST endpoint to search all saved searches for any that contain a reference to the specified lookup:
| rest /servicesNS/-/-/saved/searches splunk_server=local | search qualifiedSearch=*lookupname*
Thank you so much! This did the trick!
Is there a way to also include the app? Say, all reports/dashboards/datasets that are owned by a specific app?
Thank you!
| search qualifiedSearch=*lookupname* eai:acl.app=$YOUR_APP$
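The two answers above combined and extended to dashboards, as an added example that is not part of the original thread. It goes beyond the thread by also querying the data/ui/views endpoint, whose eai:data field holds each dashboard's source; lookupname and $YOUR_APP$ are placeholders, as in the answers.

```spl
| rest /servicesNS/-/-/saved/searches splunk_server=local
| search qualifiedSearch="*lookupname*"
| eval type="saved search (report or alert)"
| rename eai:acl.app as app, eai:acl.owner as owner, eai:acl.sharing as sharing
| fields type title app owner sharing
| append
    [| rest /servicesNS/-/-/data/ui/views splunk_server=local
     | search eai:data="*lookupname*"
     | eval type="dashboard"
     | rename eai:acl.app as app, eai:acl.owner as owner, eai:acl.sharing as sharing
     | fields type title app owner sharing]
``` Placeholder: replace $YOUR_APP$ with the app name, or drop this line to list every app ```
| search app="$YOUR_APP$"
| sort app type title
| table type title app owner sharing
```

The rest command returns only the objects the user running the search is allowed to read, so run it with a role that can see private objects in every app if the goal is to confirm a lookup is unused before removing it.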