List of Indexes ItsJohnLocke 7 Comments 14 26 This simple Splunk query will return results for indexes that the current user (typically you) have access to: *NOTE* depending on settings this may or may not return internal indexes. host=* | dedup index |table index 1 host=* | dedup index |table index Share This: Tagged: indexes
masdeeper March 8, 2018 at 11:53 pm This is resource consumming. REST or tstats would be a better choice. Reply
K.T. July 28, 2022 at 10:48 am This one was the only one to aggregate the source type by the index in the clearest manner. Thanks Reply
igor November 17, 2020 at 3:39 pm I prefer something like this | eventcount summarize=f index=* index=_* | dedup index | fields index Reply
dpl December 29, 2020 at 5:34 am Your query is going to be slow. Your better off using dbinspect | dbinspect index=* | stats count by index Reply
blabli May 19, 2021 at 4:49 am | rest splunk_server=* /services/data/indexes | fields title | dedup title Reply
JR February 28, 2022 at 2:31 am Here is my SPL | eventcount summarize=f index=* index=_* | dedup index | fields index | sort index Reply
This is resource consumming. REST or tstats would be a better choice.
| tstats values(sourcetype) where index=* by index
This one was the only one to aggregate the source type by the index in the clearest manner. Thanks
I prefer something like this
| eventcount summarize=f index=* index=_* | dedup index | fields index
Your query is going to be slow. Your better off using dbinspect
| dbinspect index=* | stats count by index
| rest splunk_server=* /services/data/indexes
| fields title
| dedup title
Here is my SPL
| eventcount summarize=f index=* index=_* | dedup index | fields index | sort index