Re: newbe question: How do I list machines reporti...

jawehren · ‎10-22-2010

How do I list machines reporting to my server?

ftk · ‎10-22-2010

This search will give you all hosts reporting to your indexer and the last time they forwarded data.

| metadata type=hosts index=foo | eval last_contact=now()-recentTime

muebel · ‎10-22-2010

Here are a couple searches that will get a list of hosts. This one will give you all machines in last 10 minutes reporting in:

* minutesago=10 | dedup host | stats list(host)

you can run this over any time frame you want... minutesago=30? Or, you can use the time picker and select "custom time" to look at all host reporting in during the time frame of your choice.

Here is another search that gives you all hosts reporting in, but also the number of events from each host:

* minutesago=10 | chart count(host) by host

The above search will give you each host reporting in during last 10 minutes, and also the number of events from that host. Lets you see who is most active.

southeringtonp · ‎10-22-2010

Run the following search:

| metadata hosts

newbe question: How do I list machines reporting to my splunk server?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation