Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Need help to generate report based in table format

syedak
New Member
‎02-01-2018 08:20 PM

Need help to generate report based in table format in below format.

Hostname OS IPaddress LastLogReceived

SRV1 Win 10.x.x.x 25/01/2018
SRV2 Win 10.x.x.x 25/01/2018

SRV3 Linux 10.x.x.x 25/01/2018

TotalSRV = 3

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mayurr98
Super Champion
‎02-01-2018 10:30 PM

hey, could you provide some sample events?

If all of the columns are already extracted then with the columns provided then you can try something like this

index=<your_index> | table Hostname OS IPaddress LastLogReceived

let me know if this helps!

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

mayurr98
Super Champion
‎02-01-2018 10:30 PM

hey, could you provide some sample events?

If all of the columns are already extracted then with the columns provided then you can try something like this

index=<your_index> | table Hostname OS IPaddress LastLogReceived

let me know if this helps!

0 Karma
Reply
Solved! Jump to solution

syedak
New Member
‎02-01-2018 11:46 PM

Hi Mayurr98,
Thanks for the help.

I need something like this in my report

|Srv1 | 10.x.x.x| Windows|

|Srv2 | 10.x.x.x| Windows|
|Srv3 | 10.x.x.x| Windows|
|Tot Srv = 3(count of servers)|

Below is my search which i used for daily report, on top of this query i also need to count number of hostname that are present in this search result.

index= _internal fwdType ="*"
|eval lastUpdate=strftime(_time, "%d - %m -%Y %H:%M:%S")
|dedup hostname
| sort hostname asc
| table hostname, os, sourceHost, lastupdate
0 Karma
Reply
Solved! Jump to solution

mayurr98
Super Champion
‎02-02-2018 04:53 AM

Try this :

index=_internal fwdType="*" 
| eval lastUpdate=strftime(_time,"%d-%m-%Y %H:%M:%S") 
| dedup hostname 
| stats dc(hostname) as dc_count by hostname, os, sourceHost, lastUpdate 
| sort hostname asc 
| addcoltotals dc_count labelfield=hostname label="Total SRV"
0 Karma
Reply
Solved! Jump to solution

syedak
New Member
‎02-04-2018 07:26 PM

Thanks Mayurr98.
Worked for me to certain level.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...