Hi Guys,
Help me out how to find the active rules in splunk and how many log sources are integrated with splunk.
Thanks in advance,
Kishore
Hi ,
Thank for your response...!
I want to see the number of active use cases in splunk and total hosts which is reporting to splunk.
Thanks in advance,
Kishore
That's a bit broad, isn't it? Specific requests are more likely to get you the desired results.
Please define "rules" as this is not a Splunk term.
To find your data sources, try the metadata command.
| metadata type=sources index=*
Hi ,
Thank for your response...!
I want to see the number of active use cases in splunk and total hosts which is reporting to splunk.
Thanks in advance,
Kishore
To see the "active use cases", go to Settings->Searches, reports, and alerts. Select All from the App dropdown then look at the entries that are not disabled.
To see a total number of hosts reporting to Splunk, try this search.
| tstats count where host=* index=*
@richgalloway thank you it's working
Just to add little bit to the @richgalloway 's answer, if you just need to see the complete list of hosts you could use
| metadata type=hosts index=* | table host
OR
|tstats count where index=* host=* by host | table host
@sanjeev543 thank you it's working fine.