How to get the data from Splunk with using of SPL ...

raghunandan1 · ‎01-19-2024

Hi Team,

We have 800+ servers contains windows & Linux servers. How to get the data from Splunk with these details O/S version, Allocated Storage (GB), Utilized Storage (GB), Uptime %, CPU Utilization Peak %, CPU Utilization Avg %, with the help of SPL query .

Can you please help us on this requirement.

Thanks,

Raghunadha.

PickleRick · ‎01-19-2024

And what data do you have in your Splunk? How should your Splunk know about all this?

raghunandan1 · ‎01-19-2024

We have using for windows servers index=windows and index=perfmon. For Linux servers using index=os . These servers having data memory utilization and CPU, performance data.

PickleRick · ‎01-20-2024

Index names don't matter here. It's about the data in indexes.

Anyway, perfmon data does not include OS version as far as I remember so you need to make sure you have this ingested another way.

What data you have in your linux index is beyond me - you should have it docummented somewhere. I suppose you have TA_nix deployed across your environment and some inputs enabled but we don't know which ones and what data you're ingesting.

So the question is what data you _have_. If you know this, you'll probably know what to search for yourself.

How to get the data from Splunk with using of SPL query

development

Splunk Investigate

using Splunk Cloud

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

Join the Conversation