Solved: How to search for all devices in my environment th...

AaronMoorcroft · ‎09-17-2015

Morning Guys

I'm mid plan for ripping out our Splunk environment and starting again. As some of you may be aware from my past questions, I inherited our current Splunk environment which I don't believe was in a great state.

I'm looking at effectively starting fresh, but I don't know of all the devices sending in logs. Is there a search I can run that will pick up everything, Servers, Network Devices, everything else?

I have multiple Heavy Forwarders sending on logs from all over the place, all going to one indexer with a mini Splunk environment bolted on to that too. If someone could advise that would be awesome.

Thanks as always

alacercogitatus · ‎09-17-2015

You can run thorough all of the metadata.

|metadata type=hosts index=*

This will pull the metadata host value for anything on your indexer. This would be a quick starting point for you.

View solution in original post

alacercogitatus · ‎09-17-2015

You can run thorough all of the metadata.

|metadata type=hosts index=*

This will pull the metadata host value for anything on your indexer. This would be a quick starting point for you.

AaronMoorcroft · ‎09-18-2015

Thank you 🙂

brewster88 · ‎02-04-2019

Extremely useful answer, life saver today!

How to search for all devices in my environment that are sending logs to Splunk?

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes