How to get the data from Splunk with using of SPL ...

raghunandan1 · ‎01-19-2024

Hi Team,

We have 800+ servers contains windows & Linux servers. How to get the data from Splunk with these details O/S version, Allocated Storage (GB), Utilized Storage (GB), Uptime %, CPU Utilization Peak %, CPU Utilization Avg %, with the help of SPL query .

Can you please help us on this requirement.

Thanks,

Raghunadha.

PickleRick · ‎01-19-2024

And what data do you have in your Splunk? How should your Splunk know about all this?

raghunandan1 · ‎01-19-2024

We have using for windows servers index=windows and index=perfmon. For Linux servers using index=os . These servers having data memory utilization and CPU, performance data.

PickleRick · ‎01-20-2024

Index names don't matter here. It's about the data in indexes.

Anyway, perfmon data does not include OS version as far as I remember so you need to make sure you have this ingested another way.

What data you have in your linux index is beyond me - you should have it docummented somewhere. I suppose you have TA_nix deployed across your environment and some inputs enabled but we don't know which ones and what data you're ingesting.

So the question is what data you _have_. If you know this, you'll probably know what to search for yourself.

How to get the data from Splunk with using of SPL query

development

Splunk Investigate

using Splunk Cloud

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation