Getting Data In

Using Splunk Web, can I search a specific host name or IP address that returns the “Identified UF Version” of that system?

Splunk0n
New Member

Hello Splunkers - Using Splunk Web, can I search/index a specific host name or IP address that returns the “Identified UF Version” of that system? The Universal Forwarder 6.4 is already installed. Any assistance would be greatly appreciated, thank you.

0 Karma
1 Solution

coltwanger
Contributor

Try something like this, but replace sourceHost with your IP address:

index="_internal" sourcetype=splunkd group=tcpin_connections NOT eventType=* sourceHost=10.1.1.1 
| eval Hostname=if(isnull(hostname), sourceHost,hostname) 
| eval version=if(isnull(version),"pre 4.2",version) 
| eval architecture=if(isnull(arch),"n/a",arch) 
| stats count by Hostname version architecture 
| sort + version


Splunk0n
New Member

Hello coltwanger - thanks for your guidance. I have tried your suggestions but got no results. I am new to Splunk and not a SME yet 🙂
Assuming my IP is 123.45.6.78, can you be more specific about how I can index that system?
I know it's probably an elementary question, so please bear with me. Thank you.

0 Karma

aaraneta_splunk
Splunk Employee

@Splunk0n - I don't think it was your intention, but I scrubbed the IP address you initially used since it points to an actual location. I anonymized the IP address in your and coltwanger's comments. Please keep in mind that Splunk Answers is a public forum so please take extra care as to not accidentally reveal sensitive information specific to you, your company, and/or customers. Thanks 🙂

0 Karma

coltwanger
Contributor

This search should return the information regarding that particular IP address:

index="_internal" sourcetype=splunkd group=tcpin_connections NOT eventType=* sourceHost=123.45.6.78
| eval Hostname=if(isnull(hostname), sourceHost,hostname)
| eval version=if(isnull(version),"pre 4.2",version)
| eval architecture=if(isnull(arch),"n/a",arch)
| stats count by Hostname version architecture
| sort + version
0 Karma
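To make clear what coltwanger's search is actually doing to the raw `_internal` events, here is an added Python example (not code from the thread or from Splunk) that applies the same logic to a few constructed `group=tcpin_connections` lines in the shape splunkd writes to metrics.log. The field names (`sourceHost`, `hostname`, `version`, `arch`, `eventType`) are the ones the search relies on; the hosts, versions and GUIDs are made up for the example. It filters on `sourceHost`, drops the connection-lifecycle events that carry an `eventType` (the `NOT eventType=*` clause), applies the same `isnull()` fallbacks, and counts by hostname, version and architecture.

```python
import re
from collections import Counter

# Constructed sample lines modelled on splunkd metrics.log
# "group=tcpin_connections" events. Hosts, versions and GUIDs are
# invented for this example and come from no real deployment.
SAMPLE_EVENTS = [
    # periodic throughput metric reported for a 6.4 universal forwarder
    '04-11-2016 10:00:00.000 -0500 INFO Metrics - group=tcpin_connections, '
    '123.45.6.78:51234:9997, connectionType=cooked, sourcePort=51234, '
    'sourceHost=123.45.6.78, sourceIp=123.45.6.78, destPort=9997, kb=12.50, '
    'build=abc123, version=6.4.0, os=Windows, arch=x86_64, hostname=uf-host-01, '
    'guid=00000000-0000-0000-0000-000000000001, fwdType=uf, ssl=false, ack=false',
    # connection-lifecycle event for the same host; it carries eventType and is
    # what "NOT eventType=*" removes from the search
    '04-11-2016 10:00:00.000 -0500 INFO Metrics - group=tcpin_connections, '
    '123.45.6.78:51234:9997, connectionType=cooked, sourcePort=51234, '
    'sourceHost=123.45.6.78, sourceIp=123.45.6.78, destPort=9997, '
    'eventType=connect_done, hostname=uf-host-01, version=6.4.0, arch=x86_64',
    # an old forwarder that reports neither version, arch nor hostname
    '04-11-2016 10:00:00.000 -0500 INFO Metrics - group=tcpin_connections, '
    '10.0.0.5:40001:9997, connectionType=cooked, sourcePort=40001, '
    'sourceHost=10.0.0.5, sourceIp=10.0.0.5, destPort=9997, kb=0.10',
    # a second metric from the first host, so the count aggregates to 2
    '04-11-2016 10:00:30.000 -0500 INFO Metrics - group=tcpin_connections, '
    '123.45.6.78:51234:9997, connectionType=cooked, sourcePort=51234, '
    'sourceHost=123.45.6.78, sourceIp=123.45.6.78, destPort=9997, kb=3.25, '
    'build=abc123, version=6.4.0, os=Windows, arch=x86_64, hostname=uf-host-01, '
    'fwdType=uf, ssl=false, ack=false',
]

# key=value pairs; values run up to the next comma or whitespace
KV_RE = re.compile(r'(\w+)=([^,\s]+)')


def parse_event(line):
    """Return the key=value fields of one metrics.log line as a dict."""
    return dict(KV_RE.findall(line))


def forwarder_versions(lines, source_host=None):
    """Mirror the SPL search: filter, apply the isnull() fallbacks,
    count by (Hostname, version, architecture) and sort by version."""
    counts = Counter()
    for line in lines:
        f = parse_event(line)
        if f.get("group") != "tcpin_connections":
            continue
        if "eventType" in f:               # NOT eventType=*
            continue
        if source_host and f.get("sourceHost") != source_host:
            continue
        hostname = f.get("hostname", f.get("sourceHost"))   # isnull(hostname)
        version = f.get("version", "pre 4.2")               # isnull(version)
        arch = f.get("arch", "n/a")                         # isnull(arch)
        counts[(hostname, version, arch)] += 1
    rows = [{"Hostname": h, "version": v, "architecture": a, "count": c}
            for (h, v, a), c in counts.items()]
    rows.sort(key=lambda r: r["version"])                   # sort + version
    return rows


if __name__ == "__main__":
    for row in forwarder_versions(SAMPLE_EVENTS, source_host="123.45.6.78"):
        print(row)
```

Two things this makes visible: `sourceHost` is the address the receiving indexer sees, so a forwarder behind NAT or an intermediate heavy forwarder shows that hop's address rather than its own, and the search only returns rows for the time range in which the forwarder actually sent data to that indexer. Run without `source_host` to list every forwarder's version, which is the useful view when you want to find out-of-date forwarders across the fleet.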