Splunk searches relating to General Splunk
clear
index=_audit action=search info=completed search_et="N/A" search_lt="N/A" user!=splunk-system-user | stats count by user
0 comments
[0]
[0]
[0]
[0]
| rest /servicesNS/-/-/data/transforms/lookups getsize=true
| fields splunk_server filename title type size eai:appName
0 comments
[0]
[0]
[0]
[0]
| rest /servicesNS/-/-/data/transforms/lookups getsize=true
| fields splunk_server filename title type size eai:appName
| search filename="<insert lookup file name>"
0 comments
[0]
[0]
[0]
[0]
| tstats count where index=* by _time, _indextime, index | rename _* as * | eval diff_secs=indextime-time, diff_hours=diff_secs/60/60 | stats max(diff_secs) as diff_secs, max(diff_hours) as diff_hours by index
1 comment
[0]
[0]
[0]
[0]
index=_internal sourcetype=splunk_python sendemail ERROR
0 comments
[0]
[0]
[0]
[0]
index=_introspection component=Hostwide | bin _time span=1d | stats values(data.splunk_version) by _time, host
0 comments
[1]
[0]
[1]
[0]
index=_audit action=search search=* user!=splunk-system-user provenance!=scheduler | table _time user search host total_run_time result_count | sort - _time
0 comments
[0]
[0]
[0]
[0]
| rest /services/apps/local | search disabled IN ("false",0)| table title version description splunk_server
0 comments
[0]
[0]
[0]
[0]
index=_internal sourcetype=splunkd earliest=-7d latest=now component=BucketMover | rex field=bkt "/opt/splunk/var/lib/splunk/cold/(?<frozen_index>[^/]+)" | stats count by frozen_index
0 comments
[0]
[0]
[0]
[0]
index=* | stats count by _raw, index, sourcetype, source, host | where count>1
0 comments
[1]
[0]
[1]
[0]