Solved: Re: What is the best way to get list of index in m...

ma_anand1984 · ‎10-19-2012

Currently i'm running this command for 2 days, it takes quite a lot of time

index=* | stats count by index

Is there a better to get list of index? Since its like a table created in splunk. it should be fairly easy to get it some other way.

ma_anand1984 · ‎10-19-2012

refer: http://splunk-base.splunk.com/answers/39370/is-it-possibl-to-get-a-list-of-available-indices



| eventcount summarize=false index=* index=_* | dedup index | fields index

View solution in original post

jcorcoran508 · ‎04-14-2020

tompai · ‎03-05-2020

Settings -> Indexes ?

ma_anand1984 · ‎10-19-2012

refer: http://splunk-base.splunk.com/answers/39370/is-it-possibl-to-get-a-list-of-available-indices



| eventcount summarize=false index=* index=_* | dedup index | fields index

Ayn · ‎10-19-2012

You can get all kinds of info about your indexes by hitting the REST endpoint data/indexes:

| rest /services/data/indexes

sloshburch · ‎02-11-2013

Thank you for the rest command! I hadn't thought of that and that contains so much of the data I've been looking for.

DUThibault · ‎11-23-2017

How do you use this in, say, a custom app's input panel? If I try running the 'rest /services/data/indexes' search, I get "No results found", even with the time set to "All time". Like for mendesjo, 'eventcount' reports "No results found".

mendesjo · ‎09-02-2015

| eventcount summarize=false index= index=_ | dedup index | fields index

doesn't work I get "no results found"

ma_anand1984 · ‎10-19-2012

Thanks ayn for the quick reply. I was looking for the answer mentioned in
http://splunk-base.splunk.com/answers/39370/is-it-possibl-to-get-a-list-of-available-indices
I should have checked it before posting this question

What is the best way to get list of index in my splunk

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!