It all depends on what you mean by "all hosts" but in general - unless you have a very well organized environment, you might have problems with that.
Why? Because splunk as such doesn't much care about the metadata - it's up to you and your apps to make it reasonable.
For example - if you have a UDP:514 input receiving syslog events and you receive events from ten different hosts which are misconfigured and are sending "localhost" as their name, splunk will probably parse the host field as "localhost" from the event contents and the source by default would be set to "udp:514". It doesn't tell you much, does it?
There's no "automatic" additional metadata that splunk captures - like source IP for network connections.
So even though you might list metadata about all your events (list all your sources, hosts and sourcetypes) it still might not correspond directly to your physical environment.
Got your point but what we are looking is from which servers we are mainly getting data for last 30 days. can we find that ?
so that we can list those important servers and will blocklist the remaining.
As I wrote, earlier - you can list what you have in indexes. Just do
| tstats count where index=* by index,source,sourcetype
and you're all set.
It's just that you might end up with data which tells you absolutely nothing.