Query to list all objects in an app?

Jewatson17 · ‎05-01-2018

I am trying to run a query to find all objects in a particular app (i.e alerts, dashboards, props, etc) Urgent. Thanks

gjanders · ‎12-05-2018

A late answer but:

| rest "/servicesNS/-/<yourappname>/directory" splunk_server=local 
| search eai:acl.app="<yourappname>"
| table title, eai:type

Would be similar to using the "all objects" in the Splunk user interface for a particular app, the second search narrows down to objects created (not created + visible) within the app

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud

woodcock · ‎05-01-2018

There is no such thing. You have to query each KO-type via the REST API associated with it and then do some filtering. I finally have a very well executing "Knowledge Object Manifest" Dashboard that is dozens of panels tall. Why does it have so many panels? Because Splunk decided in v6.? that there is NEVER a reason to have a stats panel with more than 100 rows so they ignore any value higher than 100. This REALLY bugs me and has forced me to have 10 panels to cover 1000 eventtypes so that I can do a global search on one screen to check everything at once.

Query to list all objects in an app?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!