Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Checking if device is communication with Splunk given IP or hostname

waJesu
Path Finder
‎10-02-2020 05:12 AM

I am very new to Splunk administration. Would anyone help me with a simple search to check if a particular device is reporting to splunk, given it's IP address and/or it's hostname.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-02-2020 06:03 AM

If the device has a Universal Forwarder on it then you can search the internal index for the IP/hostname in question.

index=_internal TERM(ip address)

index=_internal "host name"

If the device does not have a UF on it then you can search your other indexes for the host.

| tstats latest(_time) as time where index=* host="host name"

Use a specific index name in place of * if you know which index has the host's data.

---
If this reply helps you, Karma would be appreciated.
Reply

waJesu
Path Finder
‎10-02-2020 07:34 AM

Oh I had only tried using host name. The IP one is not returning results.

0 Karma
Reply

waJesu
Path Finder
‎10-02-2020 07:30 AM

Thank you. This was very helpful. Maybe the follow up question would be how to trouble shoot why a device is not communicating.

0 Karma
Reply
Get Updates on the Splunk Community!

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...