
Need help how to find the active rules/usecases and integrated logsources in splunk

mputtam
Path Finder

Hi Guys,

Please help me find the active rules in Splunk and how many log sources are integrated with Splunk.

 

Thanks in advance,

Kishore


richgalloway
SplunkTrust

That's a bit broad, isn't it?  Specific requests are more likely to get you the desired results.

Please define "rules" as this is not a Splunk term.

To find your data sources, try the metadata command.

| metadata type=sources index=*

 

---
If this reply helps you, Karma would be appreciated.

mputtam
Path Finder

Hi,

Thanks for your response!

I want to see the number of active use cases in Splunk and the total hosts which are reporting to Splunk.

Thanks in advance,

Kishore

 


richgalloway
SplunkTrust

To see the "active use cases", go to Settings->Searches, reports, and alerts.  Select All from the App dropdown then look at the entries that are not disabled.

To see a total number of hosts reporting to Splunk, try this search.

| tstats dc(host) AS host_count where index=*
---
If this reply helps you, Karma would be appreciated.

mputtam
Path Finder

@richgalloway thank you it's working


sanjeev543
Communicator

Just to add a little bit to @richgalloway's answer, if you just need to see the complete list of hosts you could use

| metadata type=hosts index=* | table host

OR

| tstats count where index=* host=* by host | table host

mputtam
Path Finder

@sanjeev543 thank you it's working fine.
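
The two counts asked for in this thread, combined into one search; this is an added example, not part of any post above. It assumes that an "active use case" is an enabled, scheduled saved search and that "reporting" means a host seen in the last 24 hours; the `rest` command also requires a role that is allowed to run it.

```spl
| rest /servicesNS/-/-/saved/searches splunk_server=local
| search disabled=0 is_scheduled=1
| rename eai:acl.app AS item
| stats count AS value BY item
| eval metric="enabled scheduled searches (per app)"
| append
    [| metadata type=hosts index=*
     | where lastTime >= relative_time(now(), "-24h")
     | stats dc(host) AS value
     | eval metric="hosts seen in last 24h", item="all indexes"]
| table metric item value
| sort metric, -value
```

Hosts that appear in `| metadata type=hosts index=*` but fall outside the 24-hour window are log sources that have stopped sending, which is worth reviewing alongside the count.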
