AgentSkillsCN

Splunk Metadata

Splunk 元数据

SKILL.md

splunk-metadata

Query index, source, and sourcetype configurations for Splunk.

Purpose

Discover and explore metadata about indexes, sources, sourcetypes, and fields.

Risk Levels

OperationRiskNotes
List indexes-Read-only
Get index info-Read-only
List sources-Read-only
List sourcetypes-Read-only
Get field summary-Read-only
Metadata search-Read-only

Triggers

  • "metadata", "index", "source", "sourcetype"
  • "fields", "discovery", "catalog"

CLI Commands

CommandDescription
metadata indexesList available indexes
metadata index-infoIndex size, event count, time range
metadata sourcesUnique sources per index
metadata sourcetypesSourcetypes in use
metadata searchExecute | metadata search (supports hosts, sources, sourcetypes)
metadata fieldsField summary for index/sourcetype

Options

OptionCommandsDescription
-f, --filterindexesFilter indexes by name pattern
-o, --outputindexes, sources, sourcetypes, search, fieldsOutput format (text, json)
-i, --indexsources, sourcetypes, searchFilter by index
-e, --earliestsearch, fieldsEarliest time
-s, --sourcetypefieldsFilter by sourcetype

Examples

bash
# List all indexes (with filter and output options)
splunk-as metadata indexes
splunk-as metadata indexes -f "main*" -o json

# Get index details
splunk-as metadata index-info main

# List sourcetypes (with output format)
splunk-as metadata sourcetypes -i main
splunk-as metadata sourcetypes -i main -o json

# List sources
splunk-as metadata sources -i main
splunk-as metadata sources -i main -o json

# Field summary (with earliest time)
splunk-as metadata fields main -s access_combined
splunk-as metadata fields main -s access_combined -e -24h -o json

# Metadata search (with time range)
splunk-as metadata search sourcetypes -i main
splunk-as metadata search hosts -i main -e -7d
splunk-as metadata search sources -i main -o json

SPL Patterns

spl
# Metadata command
| metadata type=sourcetypes index=main

# Metasearch
| metasearch index=* sourcetype=access_combined

# Field summary
| fieldsummary maxvals=100

Related Skills