Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

metadata with splunk_server

EricPartington
Communicator
‎11-03-2011 02:27 PM

How can i add a column that contains the splunk server name to the metadata command below?

I can filter based on metadata but i'd like to include that in the table so that I can use that column to split on later.

|metadata type=hosts index=*

I'd like to use this to write a summary index entry every 24 hours with a breakdown of the hosts that have written logs to each index and each splunk server. This will allow me to track the number of hosts that are logging to splunk, the number of hosts that are logging over the last x days and if a host stops logging to splunk we would see the counts change and can drill down into the splunk server and index to determine which host it is.

is there a way to restrict the metadata command to search only non-internal indexes with out specifically listing each index to include?

Reply

wrangler2x
Motivator
‎05-11-2017 10:47 AM

You can do | metadata type=hosts NOT index="_*"

I think it is interesting that you can specify the index and the splunk_server in the search criteria, but you cannot include them in the search results.

I personally wish that I could see the splunk_server in the results.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...