Solved: Re: Need help how to find the active rules/usecase...

mputtam · ‎07-28-2020

Hi Guys,

Help me out how to find the active rules in splunk and how many log sources are integrated with splunk.

Thanks in advance,

Kishore

mputtam · ‎07-28-2020

Hi ,

Thank for your response...!

I want to see the number of active use cases in splunk and total hosts which is reporting to splunk.

Thanks in advance,

Kishore

View solution in original post

richgalloway · ‎07-28-2020

That's a bit broad, isn't it? Specific requests are more likely to get you the desired results.

Please define "rules" as this is not a Splunk term.

To find your data sources, try the metadata command.

| metadata type=sources index=*

---
If this reply helps you, Karma would be appreciated.

mputtam · ‎07-28-2020

Hi ,

Thank for your response...!

I want to see the number of active use cases in splunk and total hosts which is reporting to splunk.

Thanks in advance,

Kishore

richgalloway · ‎07-28-2020

To see the "active use cases", go to Settings->Searches, reports, and alerts. Select All from the App dropdown then look at the entries that are not disabled.

To see a total number of hosts reporting to Splunk, try this search.

| tstats count where host=* index=*

---
If this reply helps you, Karma would be appreciated.

mputtam · ‎07-29-2020

@richgalloway thank you it's working

sanjeev543 · ‎07-28-2020

Just to add little bit to the @richgalloway 's answer, if you just need to see the complete list of hosts you could use

| metadata type=hosts index=* | table host

OR

|tstats count where index=* host=* by host | table host

mputtam · ‎07-29-2020

@sanjeev543 thank you it's working fine.

Need help how to find the active rules/usecases and integrated logsources in splunk

search job inspector

stats

subsearch

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms