Splunk Enterprise Security

Is there a page view that shows all Source's for an Index

gregoryrecords
Engager

Aside from doing a search is there a configuration page that will show me all the sources sending logs to an index at a quick glance?

0 Karma
1 Solution

nvanderwalt_spl
Splunk Employee
Splunk Employee

The user that runs |metadata needs get_metadata capability, which the user role should have by default, but you may want to check that.

Make sure you select the correct time in the timepicker, and change the index name as appropriate

Also, the command listed above will return sourcetypes. If you want sources, you need
| metadata type=sources index=indexname

View solution in original post

spayneort
Contributor
|tstats values(sourcetype) as sourcetypes, values(source) as sources where index=* by index
0 Karma

nvanderwalt_spl
Splunk Employee
Splunk Employee

The user that runs |metadata needs get_metadata capability, which the user role should have by default, but you may want to check that.

Make sure you select the correct time in the timepicker, and change the index name as appropriate

Also, the command listed above will return sourcetypes. If you want sources, you need
| metadata type=sources index=indexname

jkat54
SplunkTrust
SplunkTrust

Not other than the data summary on the default search view.

Here's a good search for that though:

| metadata type=sourcetypes index=yourindex 
0 Karma

jkat54
SplunkTrust
SplunkTrust

You can make your own dashboard using the above.

0 Karma

gregoryrecords
Engager

Hmmm thats not returning anything for me.

0 Karma
Get Updates on the Splunk Community!

Splunk is Nurturing Tomorrow’s Cybersecurity Leaders Today

Meet Carol Wright. She leads the Splunk Academic Alliance program at Splunk. The Splunk Academic Alliance ...

Part 2: A Guide to Maximizing Splunk IT Service Intelligence

Welcome to the second segment of our guide. In Part 1, we covered the essentials of getting started with ITSI ...

Part 1: A Guide to Maximizing Splunk IT Service Intelligence

As modern IT environments continue to grow in complexity and speed, the ability to efficiently manage and ...