Knowledge Management
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

metadata with splunk_server

EricPartington
Communicator
‎11-03-2011 02:27 PM

How can i add a column that contains the splunk server name to the metadata command below?

I can filter based on metadata but i'd like to include that in the table so that I can use that column to split on later.

|metadata type=hosts index=*

I'd like to use this to write a summary index entry every 24 hours with a breakdown of the hosts that have written logs to each index and each splunk server. This will allow me to track the number of hosts that are logging to splunk, the number of hosts that are logging over the last x days and if a host stops logging to splunk we would see the counts change and can drill down into the splunk server and index to determine which host it is.

is there a way to restrict the metadata command to search only non-internal indexes with out specifically listing each index to include?

Reply

wrangler2x
Motivator
‎05-11-2017 10:47 AM

You can do | metadata type=hosts NOT index="_*"

I think it is interesting that you can specify the index and the splunk_server in the search criteria, but you cannot include them in the search results.

I personally wish that I could see the splunk_server in the results.

0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...