I'm trying to use a metadata search to quickly return the hosts that are currently sending logs to Splunk to determine if we are missing any logs. Here is the current search:
| metadata type=hosts index=wineventlog | table host
Is there a way to also return the IP address of the host from the metadata search?
| metadata type=hosts index=wineventlog | table host | lookup dnslookup clienthost AS host
Also this documentation will be helpful
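An added example, not part of the original answer: the same `metadata` and `dnslookup` search extended to show how long ago each host was last indexed, which is what identifies a host that has stopped sending logs. The output field names `ip`, `last_indexed` and `hours_since_last_event` and the sort order are choices made for this example; `recentTime` is the field `metadata` returns for the index time of the most recent event.

```spl
| metadata type=hosts index=wineventlog
| eval hours_since_last_event = round((now() - recentTime) / 3600, 1)
| lookup dnslookup clienthost AS host OUTPUT clientip AS ip
| fillnull value="unresolved" ip
| eval last_indexed = strftime(recentTime, "%Y-%m-%d %H:%M:%S")
| table host ip last_indexed hours_since_last_event
| sort - hours_since_last_event
```

`dnslookup` resolves the name through DNS at search time, so the IP shown is what DNS returns now rather than the address the host logged from, and hosts with no DNS record appear as `unresolved`.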