List of Indexes

This simple Splunk query will return results for indexes that the current user (typically you) have access to:

*NOTE* depending on settings this may or may not return internal indexes.

host=* | dedup index |table index

masdeeper March 8, 2018 at 11:53 pm

This is resource consumming. REST or tstats would be a better choice.

Reply
Brian April 20, 2020 at 3:02 pm

| tstats values(sourcetype) where index=* by index

Reply
1. K.T. July 28, 2022 at 10:48 am
  
  This one was the only one to aggregate the source type by the index in the clearest manner. Thanks
  
  Reply
igor November 17, 2020 at 3:39 pm

I prefer something like this

| eventcount summarize=f index=* index=_* | dedup index | fields index

Reply
dpl December 29, 2020 at 5:34 am

Your query is going to be slow. Your better off using dbinspect

| dbinspect index=* | stats count by index

Reply
blabli May 19, 2021 at 4:49 am

| rest splunk_server=* /services/data/indexes
| fields title
| dedup title

Reply
JR February 28, 2022 at 2:31 am

Here is my SPL
| eventcount summarize=f index=* index=_* | dedup index | fields index | sort index

Reply
Sebastian Rauhala March 14, 2023 at 1:33 pm

tstats is also a good option.

| tstats latest(_time) as _time count where index=* OR index_* earliest=-24h latest=now by index, sourcetype, source, host

Reply

Splunk Query Repository