Hi, I am new to Splunk and would like to build a dashboard to find all hosts in the environment. This should query all logs to pick up WSL environments, devices ingesting from my security tools, and overall just anything with a hostname, and classify it as domain joined, server or workstation. I am using this to then see the devices that have the forwarder installed, and would then correlate to see what devices require the Splunk forwarder.
index="_internal" source="*metrics.log*" group=tcpin_connections
| dedup hostname
| table date_hour, date_minute, date_mday, date_month, date_year, hostname, sourceIp, fwdType, guid, version, build, os, arch
| stats count
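
One way to do the correlation described in the post, as an added example that is not part of the original post: it lists every `host` value seen in indexed events, appends the forwarder connections from the query above, and flags devices that send data but have no forwarder connection. The output names `device`, `events`, `last_event`, `last_fwd_conn` and `forwarder` are made up for this example, and matching on the lower-cased short hostname is an assumption about how hosts are named in the environment.

```spl
| tstats count AS events latest(_time) AS last_event WHERE index=* BY host
| eval device=lower(if(match(host, "^\d{1,3}(\.\d{1,3}){3}$"), host, mvindex(split(host, "."), 0)))
| append
    [ search index="_internal" source="*metrics.log*" group=tcpin_connections
      | stats latest(_time) AS last_fwd_conn latest(fwdType) AS fwdType latest(version) AS version latest(os) AS os latest(arch) AS arch latest(sourceIp) AS sourceIp BY hostname
      | eval device=lower(if(match(hostname, "^\d{1,3}(\.\d{1,3}){3}$"), hostname, mvindex(split(hostname, "."), 0))) ]
| stats sum(events) AS events max(last_event) AS last_event max(last_fwd_conn) AS last_fwd_conn values(fwdType) AS fwdType values(version) AS version values(os) AS os values(arch) AS arch values(sourceIp) AS sourceIp BY device
| eval forwarder=if(isnotnull(last_fwd_conn), "installed", "missing")
| convert ctime(last_event) ctime(last_fwd_conn)
| sort forwarder, device
| table device, forwarder, events, last_event, last_fwd_conn, fwdType, version, os, arch, sourceIp
```

Devices marked `missing` reach Splunk some other way (syslog, HEC, a security tool's own input) and are the candidates for a forwarder install. Classifying a device as domain joined, server or workstation needs a source that carries that attribute, such as an asset lookup, because `metrics.log` only reports the forwarder's `os` and `arch`.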