All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

host integrated details with hostname,, index, sourcetype and source

Rody333
New Member
‎05-02-2018 06:22 AM

I want to fetch what all devices integrated to splunk and sending logs. I don't have admin rights and having access to Search Head only.
Pls advise how to fetch host integrated details with hostname, index, sourcetype and source.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎05-02-2018 11:23 AM

Try these:

| tstats count values(sourcetype) where index=* BY index

And:

| tstats count values(host) where index=* BY sourcetype

Or maybe combined like this:

| tstats count where index=* BY host sourcetype index
| stats list(count) AS host_total list(host) AS host sum(count) AS sourcetype_total BY sourcetype index
| nomv host
| nomv host_total
| stats list(host) AS host list(host_total) AS host_total sum(sourcetype_total) AS sourcetype_total BY index

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎05-02-2018 11:23 AM

Try these:

| tstats count values(sourcetype) where index=* BY index

And:

| tstats count values(host) where index=* BY sourcetype

Or maybe combined like this:

| tstats count where index=* BY host sourcetype index
| stats list(count) AS host_total list(host) AS host sum(count) AS sourcetype_total BY sourcetype index
| nomv host
| nomv host_total
| stats list(host) AS host list(host_total) AS host_total sum(sourcetype_total) AS sourcetype_total BY index
0 Karma
Reply
Solved! Jump to solution

Rody333
New Member
‎05-03-2018 09:01 AM

Thanks a lot woodcock. It really helps

0 Karma
Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎05-04-2018 05:05 PM

When you are done gathering answers, be sure to pick one and click Answer to close it out.

0 Karma
Reply
Solved! Jump to solution

skoelpin
SplunkTrust
SplunkTrust
‎05-02-2018 06:36 AM

Run this

| metasearch index=* sourcetype=* 
| table index source host sourcetype
0 Karma
Reply
Solved! Jump to solution

Rody333
New Member
‎05-02-2018 07:26 AM

Hi skoelpin, Thanks for your help. Need another help. It's a huge data with redundancy.. can you tell me if result can have distinct values

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...