Splunk Search

How to list servers sending logs to Splunk along with source & sourcetype details

Explorer

Hi,

I need to list all the Source Server Details (Hosname and IP Address) including log paths & Log File names which are sending logs to Splunk environment. The following query doesn't fetch the IP Address. Is there any better way to do it?

index=* 
| stats values(source) as sources ,values(sourcetype) as sourcetype by host
0 Karma
1 Solution

Communicator

Try below mentioned SPL, work normally if you are not on Splunk cloud environment. Please check and let us know if works

| tstats  values(source) as sources ,values(sourcetype) as sourcetype where index=* by host
| lookup dnslookup clienthost as host OUTPUT  clientip as src_ip

View solution in original post

0 Karma

Communicator

Try below mentioned SPL, work normally if you are not on Splunk cloud environment. Please check and let us know if works

| tstats  values(source) as sources ,values(sourcetype) as sourcetype where index=* by host
| lookup dnslookup clienthost as host OUTPUT  clientip as src_ip

View solution in original post

0 Karma

Explorer

Hey mate, Thanks for your answer. Do I need to make any changes on | lookup query part. pardon for basic doubt, I am new to Splunk.

0 Karma

Communicator

Hello @splunkwar , its internet lookup script. No changes required 🙂

0 Karma

Explorer

Thanks @sumanssah . It perfectly worked and fulfilled my need.

0 Karma

Influencer

Check this query. In results host might contain IPs, hostname or just names of the source. You need to map host values with IPs using a csv lookup.

| metasearch index=*
| stats count by index,source,host,sourcetype
0 Karma

Explorer

Thanks for your answer !

0 Karma

SplunkTrust
SplunkTrust

Do you have a lookup table that maps host names to IP addresses?

---
If this reply helps you, an upvote would be appreciated.
0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!