Splunk Search

Need help how to find the active rules/usecases and integrated logsources in splunk

mputtam
Path Finder

Hi Guys,

Help me out how to find the active rules in splunk and how many log sources are integrated with splunk.

 

Thanks in advance,

Kishore

Labels (3)
0 Karma
1 Solution

mputtam
Path Finder

Hi ,

Thank for your response...!

I want to see the number of active use cases in splunk and total hosts which is reporting to splunk.

Thanks in advance,

Kishore

 

View solution in original post

0 Karma

richgalloway
SplunkTrust
SplunkTrust

That's a bit broad, isn't it?  Specific requests are more likely to get you the desired results.

Please define "rules" as this is not a Splunk term.

To find your data sources, try the metadata command.

| metadata type=sources index=*

 

---
If this reply helps you, Karma would be appreciated.
0 Karma

mputtam
Path Finder

Hi ,

Thank for your response...!

I want to see the number of active use cases in splunk and total hosts which is reporting to splunk.

Thanks in advance,

Kishore

 

0 Karma

richgalloway
SplunkTrust
SplunkTrust

To see the "active use cases", go to Settings->Searches, reports, and alerts.  Select All from the App dropdown then look at the entries that are not disabled.

To see a total number of hosts reporting to Splunk, try this search.

| tstats count where host=* index=*
---
If this reply helps you, Karma would be appreciated.

mputtam
Path Finder

@richgalloway thank you it's working

0 Karma

sanjeev543
Communicator

Just to add little bit to the @richgalloway 's answer, if you just  need to see the complete list of hosts you could use  

| metadata type=hosts index=* | table host 

OR 

|tstats count where index=* host=* by host  | table host

mputtam
Path Finder

@sanjeev543 thank you it's working fine.

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...