Splunk Search

Need to get splunk server names with host count

kpavan
Path Finder

Hi All,

Need to get the host count with splunk_server names by using the search queries, i have used below but its giving the all the events

index=main sourcetype="WinEventLog:Security" host=* splunk_server=*

Thanks

Tags (1)
0 Karma

strive
Influencer

Try this

index=main sourcetype="WinEventLog:Security" | stats count(host) by splunk_server
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...