I'm trying to use a metadata search to quickly return the hosts that are currently sending logs to Splunk to determine if we are missing any logs. Here is the current search:
| metadata type=hosts index=wineventlog | table host
Is there a way to also return the IP address of the host from the metadata search?
| metadata type=hosts index=wineventlog | table host| lookup dnslookup clienthost AS host
Also this documentation will be helpful
I tried this search string, but I got an empty clientip field added to the table...not exactly why it's not returning the IP values. No error is shown...
same for me... the clientip field is empty