How to create a search to find non-integrated host...

3DGjos · ‎02-19-2020

Hello, I need to make a query to find from a list of hosts, which ones are still not integrated or sending data to the Splunk platform.

I already have the lookup with the total universe of hosts which should be on the platform.
Any help will be appreciated. thanks!

to4kawa · ‎02-19-2020

 Meta Woot!: https://splunkbase.splunk.com/app/2949/
 TrackMe: https://splunkbase.splunk.com/app/4621/,
 Broken Hosts App for Splunk: https://splunkbase.splunk.com/app/3247/
 Alerts for Splunk Admins ("ForwarderLevel" alerts): https://splunkbase.splunk.com/app/3796/
 Splunk Security Essentials(https://docs.splunksecurityessentials.com/features/sse_data_availability/): https://splunkbase.splunk.com/app/3435/
 Monitoring Console: https://docs.splunk.com/Documentation/Splunk/latest/DMC/Configureforwardermonitoring
 Deployment Server: https://docs.splunk.com/Documentation/DepMon/latest/DeployDepMon/Troubleshootyourdeployment#Forwarde...

@woodcock recommend.

| metadata type=hosts
| inputlookup append=t your_host.csv
| where as_you_like

It works, but It's not very good.

How to create a search to find non-integrated hosts with lookup?

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

Improve Data Pipelines Using Splunk Data Management

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?