Splunk Search

How to search for all devices in my environment that are sending logs to Splunk?

AaronMoorcroft
Communicator

Morning Guys

I'm mid plan for ripping out our Splunk environment and starting again. As some of you may be aware from my past questions, I inherited our current Splunk environment which I don't believe was in a great state.

I'm looking at effectively starting fresh, but I don't know of all the devices sending in logs. Is there a search I can run that will pick up everything, Servers, Network Devices, everything else?

I have multiple Heavy Forwarders sending on logs from all over the place, all going to one indexer with a mini Splunk environment bolted on to that too. If someone could advise that would be awesome.

Thanks as always

0 Karma
1 Solution

alacercogitatus
SplunkTrust
SplunkTrust

You can run thorough all of the metadata.

|metadata type=hosts index=*

This will pull the metadata host value for anything on your indexer. This would be a quick starting point for you.

View solution in original post

alacercogitatus
SplunkTrust
SplunkTrust

You can run thorough all of the metadata.

|metadata type=hosts index=*

This will pull the metadata host value for anything on your indexer. This would be a quick starting point for you.

View solution in original post

AaronMoorcroft
Communicator

Thank you 🙂

0 Karma

brewster88
New Member

Extremely useful answer, life saver today!

0 Karma