Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Number of hosts forwarding logs to indexer

rxdeleon
Explorer
‎07-06-2011 01:46 PM

I would like to know the quickest way to count the number of hosts that have sent data to the indexer for the last 7 days.

Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎07-06-2011 08:53 PM

Well, the quickest will probably be:

| metadata type=hosts | where now()-recentTime < (7*24*60*60)

What it actually tells you is which hosts have a most recently sent event whose timestamp is within the last 7 days, though this is likely to be close to what you asked for if you are generally bringing in correctly timestamped data in real time.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎07-06-2011 08:53 PM

Well, the quickest will probably be:

| metadata type=hosts | where now()-recentTime < (7*24*60*60)

What it actually tells you is which hosts have a most recently sent event whose timestamp is within the last 7 days, though this is likely to be close to what you asked for if you are generally bringing in correctly timestamped data in real time.

0 Karma
Reply
Solved! Jump to solution

rxdeleon
Explorer
‎07-07-2011 11:33 AM

Yes, this is a much quicker method. Thank you so much.

0 Karma
Reply
Solved! Jump to solution

proctorgeorge
Path Finder
‎07-06-2011 02:00 PM

Does this search do it for you?

index=_internal source="C:\\Program Files\\Splunk\\var\\log\\splunk\\metrics.log" earliest=-7d@d | table sourceHost | dedup sourceHost | stats count

with the source path changed accordingly of course!

0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...