I'm mid plan for ripping out our Splunk environment and starting again. As some of you may be aware from my past questions, I inherited our current Splunk environment which I don't believe was in a great state.
I'm looking at effectively starting fresh, but I don't know of all the devices sending in logs. Is there a search I can run that will pick up everything, Servers, Network Devices, everything else?
I have multiple Heavy Forwarders sending on logs from all over the place, all going to one indexer with a mini Splunk environment bolted on to that too. If someone could advise that would be awesome.