Splunk Search

Splunk Search to find the list of CIM Mapped indexes

alexspunkshell
Contributor

Below are the CIM Macros where i am using and there are different indexes mapped in individual macros.

I want to get the list of all indexes mapped in all the CIM Macros.

Hence i did a scheduled search which runs and check all the macros. But it is utilizing lot of memory and even  searches are failing. Please help me with a better way to get the list of all indexes mapped in CIM Macros.

 

cim_Authentication_indexes
cim_Alerts_indexes
cim_Change_indexes
cim_Endpoint_indexes
cim_Intrusion_Detection_indexes
cim_Malware_indexes
cim_Network_Resolution_indexes	
cim_Network_Sessions_indexes
cim_Network_Traffic_indexes
cim_Vulnerabilities_indexes
cim_Web_indexes

 

 

Labels (3)
0 Karma
1 Solution

meetmshah
Builder

Hello @alexspunkshell, below search should give you list of all CIM Indexes Macro Definition - 

| rest /servicesNS/-/-/admin/macros count=0 splunk_server=local
| search title=cim*indexes
| table title definition

 

Please accept the solution and hit Karma, if this helps! 

View solution in original post

meetmshah
Builder

Hello @alexspunkshell, below search should give you list of all CIM Indexes Macro Definition - 

| rest /servicesNS/-/-/admin/macros count=0 splunk_server=local
| search title=cim*indexes
| table title definition

 

Please accept the solution and hit Karma, if this helps! 

Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...