I am trying to settle on a method for grouping hosts into hostgroups for easy searching and reporting. I have heard enough warnings of tags not scaling well. We have about 1000-2000 host sources....
...bviously it does not produce results for hosts which have no such events; and the result is that if there are no authentication failures overnight, there are no stats for any host, and consequently no e...
Hi, I have 10 hosts, from this only 3 hosts are reporting to DS and 7 are not reporting. When I searched with _internal I could see only 3 hosts' logs are coming in. How to troubleshoot further o...
When searching for lost forwarders a host with an all caps name is returned as lost when the same host with a lower case name is reporting. Not certain how host names are being changed, but is t...
Splunk indexer (version 6.3.0) is installed and forwarder (6.2.1) is configured, can search for data with query index=os sourcetype="cpu" under search tab of Splunk App for Unix app. However under host...
I have hundreds of hosts within a tier and would like to combine those hosts for the purposes of reporting. For example, I have the following hosts:
web001.mydomain.com
web002
web003
web004
......
I am attempting the following:
Find hosts that are logging to one index but not the other by the host field.
Use case, find hosts reporting via AWS API but are not logging host logs via OS UF....
...unning into is that some of the devices are in an HA pair so I am constantly getting emails for the backup device not reporting. Below is my current search,
| metadata type=hosts index=infoblox
| l...
Hi
When I use below query, I'm not able to get unix os host type. Can you please let me know what could be the reason?
index=_internal source="*metrics.log" group=tcpin_connections
| eval s...
...ant every host which is not sending data/ not connecting to splunk, along with the time it stopped sending. This should be done for 1 week, as a scheduled report.
Help is highly appreciated.
Thank you