
How to search for all components of a Splunk deployment

New Member

Hi,
I am new to Splunk and would like to start using Splunk for my firm's application monitoring.
Please let me know how I can find the data sources already existing in the firm's Splunk intranet.
And how can I start using it from the basics?
Also, please advise on how I can get the data sources of a new application integrated into Splunk.
Thanks!!

0 Karma

Re: How to search for all components of a Splunk deployment

Splunk Employee

It might be useful for you to read Learn about the data in your Splunk deployment in the Inherit a Splunk Enterprise Deployment manual. The rest of that manual might also help you understand the various aspects of a Splunk platform deployment so that you can make the most of it.

0 Karma

Re: How to search for all components of a Splunk deployment

Motivator

Unfortunately, this is not an easy question to answer, as there's not a single query that can pull everything up that's in your environment. As for integrating more things with Splunk, that is part of the administrative function of the platform, and usually requires more information.

My suggestion is to read the documentation that was suggested in the answer by ChrisG. If you want a visual, then set your time range for 24 hours and use these two queries:

index=* sourcetype=* | stats count by sourcetype
index=* sourcetype=* | stats count by source

This will give you the data sets, and the sources that are in your Splunk environment. You'll also quickly realize why the answer to this question is not as easy as 1 query.

0 Karma
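
An added example, not part of the original posts: the same inventory built from indexed metadata with `tstats`, which avoids scanning raw events the way `index=* sourcetype=*` does, and which also shows when each sourcetype was first and last seen so that feeds that have gone quiet stand out. The output field names `firstSeen`, `lastSeen` and `hoursSinceLastEvent` are chosen for this example, and it assumes your role is allowed to search the indexes in question.

```spl
| tstats count min(_time) as firstSeen max(_time) as lastSeen where index=* by index, sourcetype
| eval hoursSinceLastEvent=round((now() - lastSeen) / 3600, 1)
| convert ctime(firstSeen) ctime(lastSeen)
| sort index, sourcetype
```

Run it over a window wider than 24 hours if you also want to catch sourcetypes that stopped reporting before today.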