REST API response time

This is a Splunk query to measure REST API response time from the various rest URI’s in Splunk.

Credit goes to somesoni2 on answers.splunk.com! Query found here: https://answers.splunk.com/answers/112073/splunk-query-to-measure-rest-api-response-time.html

Continue Reading →

identify knowledge objects, permissions and extractions

The following will: list all knowledge objects for your SH (or given search peer(s)) each objects name, type, app, permissions, sharing (e.g. global, app, private) and owner if props-extract: the props stanza, props type (e.g if its Inline or Transforms), props sourcetype and props value (e.g. the regex) if transforms-extract: the state (tf_disabled), format (tf_format), tf_fields […]

Continue Reading →

Show Splunk User to Role mapping

The following Splunk REST query shows all roles, number of  capabilities, and landing app for each user.

Continue Reading →

Show all Indexes and Sourcetypes via REST

The following Splunk query uses REST to display non internal indexes associated with sourcetypes. It is my understanding that this is all time (such is the way of REST searches)

Continue Reading →

User Info Dashboard – Using REST

I found this very useful user statistics/information splunk dashboard on www.function1.com/2016/06/rest-easy-with-the-splunk-rest-api. They have additional Splunk REST queries and examples worth checking out!

Continue Reading →

Use REST to gather Index Info

Here is some SPL to get useful information via REST on indexes within your Splunk environment:

Continue Reading →

List of Alerts via REST

The following Splunk search (query) will show a list of alerts within Splunk via the | rest call:

Continue Reading →

List Inputs using REST

As the title says. Pretty nice Splunk Search if you’ve forgotten what inputs you have configured and need a central place to list them.

Continue Reading →

REST Call for Memory & CPU usage on Splunk Servers

This Splunk search will show you use and available CPU and Memory statistics. Depending on your environment you may see multiple Splunk servers:

Slightly modified from: http://www.brainfold.net/2016/03/frequently-used-rest-api-calls-in-splunk.html

Continue Reading →

Splunk Objects With Permissions Granted to Non-existent Roles

Useful search to show a bit of detail on roles and user permissions.

I found this at: https://gist.github.com/acharlieh/3254a7ab13297c760376 Credit goes to acharlieh!

Continue Reading →

Every index explicitly granted to a role

Self explanatory, maps roles to indexes. Useful if you have a lot of indexes!

I found this at: https://gist.github.com/acharlieh/3254a7ab13297c760376 Credit goes to acharlieh!

Continue Reading →

Average Splunk Web requests by hour

This query is pretty awesome! It helped enlighten us to exactly when our splunk infrastructure is being hit with users

I found this at: https://gist.github.com/acharlieh/3254a7ab13297c760376 Credit goes to acharlieh!

Continue Reading →

All indexes not explicitly granted to a role

  I found this at: https://gist.github.com/acharlieh/3254a7ab13297c760376 Credit goes to acharlieh!

Continue Reading →

Memory Usage and Information on Splunk Server

This Splunk Search Query will perform a rest call to indicate current memory consumption on the Splunk server(s) itself/themselves: *NOTE* The following has been modified from the “Distributed Management Console” to be more generic for a copy, paste, and search example.

Continue Reading →