List of Indexes ItsJohnLocke 3 Comments 5 11 This simple Splunk query will return results for indexes that the current user (typically you) have access to: *NOTE* depending on settings this may or may not return internal indexes. host=* | dedup index |table index 1 host=* | dedup index |table index Share This: Tagged: indexes
masdeeper March 8, 2018 at 11:53 pm This is resource consumming. REST or tstats would be a better choice. Reply
igor November 17, 2020 at 3:39 pm I prefer something like this | eventcount summarize=f index=* index=_* | dedup index | fields index Reply
This is resource consumming. REST or tstats would be a better choice.
| tstats values(sourcetype) where index=* by index
I prefer something like this
| eventcount summarize=f index=* index=_* | dedup index | fields index