Solved: List of host from Syslog-ng server.

arjit · ‎02-04-2021

Hi Team

I could see my license limit has reached for my syslog-ng. Can you please let me know how can I get a list of all the host which are getting data from syslog via syslog-ng to splunk?

Thanks,

AG.

scelikok · ‎02-04-2021

Hi @arjit,

I think your are getting data from syslog-ng by file monitor. If you are not overwriting source field, you can use it as a filter.

Let's say your syslog data creates file in /var/log/splunk/syslog/...

|tstats count where index=* source="/var/log/splunnk/syslog*" by host

If this reply helps you an upvote and "Accept as Solution" is appreciated.

View solution in original post

arjit · ‎02-08-2021

@scelikok Thanks Scelikok! it helped.

scelikok · ‎02-04-2021

Hi @arjit,

I think your are getting data from syslog-ng by file monitor. If you are not overwriting source field, you can use it as a filter.

Let's say your syslog data creates file in /var/log/splunk/syslog/...

|tstats count where index=* source="/var/log/splunnk/syslog*" by host

If this reply helps you an upvote and "Accept as Solution" is appreciated.

List of host from Syslog-ng server.

other

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)