Monitoring Splunk
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

hosts not reporting

raiqb01
Engager
‎08-05-2024 04:29 AM

I have following search. how can I add indexes information in the results:

|tstats max(_time) as _time, where index=windows by host,index
|append [|metadata type=hosts index=win index=linux  ]
| eval now=now() | eval diff= now - lastTime | search diff > 18000 | eval notreportingsince=tostring(diff,"duration")
| table host lastTime notreportingsince | convert ctime(lastTime) as lastTime
| table host notreportingsince lastTime,index

 

 

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎08-05-2024 05:17 AM

Try something like this

|tstats max(_time) as _time, where index=windows [|metadata type=hosts index=win index=linux 
| eval now=now() | eval diff= now - lastTime | where diff > 18000 | table host ] by host,index

View solution in original post

0 Karma
Reply
Solved! Jump to solution

raiqb01
Engager
‎08-05-2024 04:48 AM

hi @ITWhisperer , I just need a list of hosts which are not reporting since last 5 days along with index information.

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎08-05-2024 05:17 AM

Try something like this

|tstats max(_time) as _time, where index=windows [|metadata type=hosts index=win index=linux 
| eval now=now() | eval diff= now - lastTime | where diff > 18000 | table host ] by host,index
0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎08-05-2024 04:39 AM

What is it that you are trying to achieve that metadata is not giving you?

0 Karma
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...
Top