Solved: Splunk Search to find the list of CIM Mapped index...

alexspunkshell · ‎04-08-2024

Below are the CIM Macros where i am using and there are different indexes mapped in individual macros.

I want to get the list of all indexes mapped in all the CIM Macros.

Hence i did a scheduled search which runs and check all the macros. But it is utilizing lot of memory and even searches are failing. Please help me with a better way to get the list of all indexes mapped in CIM Macros.

cim_Authentication_indexes
cim_Alerts_indexes
cim_Change_indexes
cim_Endpoint_indexes
cim_Intrusion_Detection_indexes
cim_Malware_indexes
cim_Network_Resolution_indexes	
cim_Network_Sessions_indexes
cim_Network_Traffic_indexes
cim_Vulnerabilities_indexes
cim_Web_indexes

meetmshah · ‎04-08-2024

Hello @alexspunkshell, below search should give you list of all CIM Indexes Macro Definition -

| rest /servicesNS/-/-/admin/macros count=0 splunk_server=local
| search title=cim*indexes
| table title definition

Please accept the solution and hit Karma, if this helps!

View solution in original post

meetmshah · ‎04-08-2024

Hello @alexspunkshell, below search should give you list of all CIM Indexes Macro Definition -

| rest /servicesNS/-/-/admin/macros count=0 splunk_server=local
| search title=cim*indexes
| table title definition

Please accept the solution and hit Karma, if this helps!

Splunk Search to find the list of CIM Mapped indexes

eval

stats

tstats

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation