Getting Data In

How do you find other devices that are coming in from other source types within the networking index?

yzaari
New Member

Basically, I need to make sure that, from syslog-ng servers, they are tagging the right source types and source addresses (not the syslog server IP but the Network Device IP) and forwarding this syslog info over to Splunk.

0 Karma

prakash007
Builder

@yzaari: let's assume that your index=network. There are many ways to grab the info; I will list a few here...

| metadata type=hosts index=network
| tstats values(host) as hosts, values(sourcetype) as sourcetypes where index=network
| tstats values(sourcetype) values(host) where index=network group by index

https://docs.splunk.com/Documentation/Splunk/7.2.1/SearchReference/Metadata

0 Karma

yzaari
New Member

Thanks a lot, this is helpful.
I just don’t know why I am not seeing all of our devices in the network in the list.
Also, I want to be able to use the Cisco networks dashboard and monitor all the devices in the network that are Cisco.

0 Karma

prakash007
Builder

Check your inputs.conf on your syslog (do you have any host_segment or host_regex in there?).
index=network | dedup host | table host (might give you hosts forwarding to that index)

0 Karma
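
One way to test the host_segment / host_regex settings mentioned in the reply above against the syslog-ng directory layout, as an added example that is not part of the thread or of Splunk's own code. The file paths, the collector name syslog01, the regex and the function names are assumptions made for illustration; the regex uses only syntax that Python and PCRE share.

```python
import re

# Constructed sample: files a syslog-ng collector might write, one directory per
# sending device. Layout and the collector name "syslog01" are assumptions.
DEFAULT_HOST = "syslog01"
PATHS = [
    "/var/log/remote/cisco/10.1.1.1/messages.log",
    "/var/log/remote/cisco/10.1.1.2/messages.log",
    "/var/log/remote/10.2.0.7/messages.log",  # one directory level shallower
    "/var/log/remote/cisco/local.log",        # the collector's own log
]
HOST_REGEX = r"/(\d{1,3}(?:\.\d{1,3}){3})/"   # first capture group becomes host
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def resolve_host(path, host_segment=None, host_regex=None, default=DEFAULT_HOST):
    """Apply one inputs.conf host rule to a monitored file path.

    host_segment=N takes the Nth '/'-separated path segment; host_regex takes
    the first capture group; if the rule yields nothing, the default host
    (the collector itself) is used.
    """
    if host_segment is not None and host_regex is not None:
        raise ValueError("check one setting at a time")
    if host_regex is not None:
        match = re.search(host_regex, path)
        return match.group(1) if match and match.groups() else default
    if host_segment is not None:
        segments = [s for s in path.split("/") if s]
        if 1 <= host_segment <= len(segments):
            return segments[host_segment - 1]
    return default  # no rule set, or segment out of range (fallback assumed here)


def audit(paths, **rule):
    """Return {path: host} for files whose host would not be a device IP."""
    resolved = {p: resolve_host(p, **rule) for p in paths}
    return {p: h for p, h in resolved.items() if not IPV4.fullmatch(h)}


if __name__ == "__main__":
    for rule in ({"host_segment": 5}, {"host_regex": HOST_REGEX}):
        print(rule, "->", audit(PATHS, **rule) or "all files map to a device IP")
```

Any path the audit returns would be indexed under a host value other than the device IP, which is one way devices can seem to be missing from the host list for index=network.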