Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Checking if device is communication with Splunk given IP or hostname

waJesu
Path Finder
‎10-02-2020 05:12 AM

I am very new to Splunk administration. Would anyone help me with a simple search to check if a particular device is reporting to splunk, given it's IP address and/or it's hostname.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-02-2020 06:03 AM

If the device has a Universal Forwarder on it then you can search the internal index for the IP/hostname in question.

index=_internal TERM(ip address)

index=_internal "host name"

If the device does not have a UF on it then you can search your other indexes for the host.

| tstats latest(_time) as time where index=* host="host name"

Use a specific index name in place of * if you know which index has the host's data.

---
If this reply helps you, Karma would be appreciated.
Reply

waJesu
Path Finder
‎10-02-2020 07:34 AM

Oh I had only tried using host name. The IP one is not returning results.

0 Karma
Reply

waJesu
Path Finder
‎10-02-2020 07:30 AM

Thank you. This was very helpful. Maybe the follow up question would be how to trouble shoot why a device is not communicating.

0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...