Splunk Search

How do I get a complete list of all Hosts (Win & Linux), their time zones & current date & time please? SPL?

SamHTexas
Builder

Is there an SPL to list all my Hosts (Win & Linux), version of their UF, date & time & TZ please? Thanks a million.

0 Karma

joeybagofdonuts
Explorer

This search will get you everything you need except timezone:
index="_internal" sourcetype=splunkd group=tcpin_connections NOT eventType=*
| eval hostname=if(isnull(hostname), sourceHost,hostname)
| eval version=if(isnull(version),"pre 4.2",version)
| stats latest(_time) as _time, latest(version) as version by hostname
| table _time hostname version
| sort version

Timezone gets a little hairy, but it seems there's some good information in here on how to add it to your events:
https://docs.splunk.com/Documentation/Splunk/8.2.2/Data/Applytimezoneoffsetstotimestamps

0 Karma

PickleRick
SplunkTrust

Sorry, but it will not give you the information that the OP wants.

It will give you information from the logs. It doesn't have to be accurate, doesn't have to be current, doesn't have to be complete. What if the forwarder got disconnected? What if the forwarder got disconnected and the information about it rolled out of the index?

0 Karma
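An added example, not part of either post: the search from the first answer extended to show how long ago each forwarder was last seen, so stale rows are visible instead of looking current. It assumes the `os` field is present in the `tcpin_connections` events and uses an arbitrary 60-minute threshold; it still cannot list a forwarder whose events have already aged out of `_internal`.

```spl
index="_internal" sourcetype=splunkd group=tcpin_connections
| eval hostname=coalesce(hostname, sourceHost)
| stats latest(_time) as last_seen, latest(version) as version, latest(os) as os by hostname
| eval minutes_since_seen=round((now() - last_seen) / 60)
| eval status=if(minutes_since_seen > 60, "stale", "reporting")
| convert ctime(last_seen)
| table hostname os version last_seen minutes_since_seen status
| sort - minutes_since_seen
```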

PickleRick
SplunkTrust

As I already told you - Splunk is not infrastructure software. You can list your forwarders, by default you have their internal logs but nothing more.

As I already wrote you, you could help yourself in finding hosts with the time really off but it's not reliable since time in Splunk depends on so many factors and it's up to you to make it right. And you're trying the completely opposite way around.

So no, your Splunk installation is not a system monitoring solution (like Nagios or Zabbix) and it's not a system management software (like SCCM).

Again, because your questions are getting annoying - if you can't manage your infrastructure, get someone who can. You're asking many questions not with intent to learn something but to get someone to do your work for you. For this you normally employ Professional Services or third-party consultants.

And get your infrastructure team to do their job properly.

0 Karma