Splunk search for List of Indexes used by Knowledge Objects
Copy
index=_audit action="search" search="*" | rex field=search "index=(?<index_used>[^\s]+)" | stats values(index_used) as index_used
This search will return all indexes that have been searched over the time period specified. This can be useful to identify what indexes are currently being used and/or used by saved searches/dashboards.
0 comments
[0]
[0]
[0]
[0]
Sign in or Register to submit a comment