Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to write a search to find new hosts that are sending logs to Splunk?

sumitkathpal
Explorer
‎01-04-2017 03:03 AM

Dear Experts,

We are looking for a search where we can find new hosts that are sending logs to Splunk. I am stuck and don't know where to start.

Any help. Thanks in advance

0 Karma
Reply

javiergn
Super Champion
‎01-26-2017 12:57 PM

Hi,

Did any of the answers below help you?
If so, could you please mark it as answered so that we can close the thread?

Thanks,
J

0 Karma
Reply

javiergn
Super Champion
‎01-04-2017 03:18 AM

You could try this if you just want to show those new hosts that have reported for the first time since yesterday:

| metadata type=hosts index=_* OR index=*
| where firstTime >= relative_time(now(), "-1d")
| convert timeformat="%Y-%m-%d %T" ctime(firstTime) as firstTime, ctime(lastTime) as lastTime, ctime(recentTime) as recentTime
| table host, firstTime, lastTime, recentTime, Count

Simply modify the relative_time parameters to match your time range needs.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎01-04-2017 03:12 AM

hi sumitkathpal,
You can see which hosts are sending logs to Splunk with this simple search:

index=_internal

If you want to verify if there are new hosts you have to insert your hosts in a lookup and search for them:

index=_internal NOT [ | inputlookup my_hosts.csv | fields host ]

in this way you can find if an host is or not in your lookup.
Bye.
Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with Brett Adams

In our third Spotlight feature, we're excited to shine a light on Brett—a Splunk consultant, innovative ...

Index This | What can you do to make 55,555 equal 500?

April 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware ...
Top