Forgive my newbieness - I've tried doing this with: | metadata type=sourcetypes index="*" but the output is difficult to interpret, let alone decipher for each thing that is sending data. Is there a way to just do a search to return a list like "Cisco Netflow devices = x, Windows server sources = y" with those numbers just being a sum of those types? The reason I ask is that a lot of the data feeding into our systems now was done prior to my arriving on the scene, and to be honest, I have no idea of the total scope of devices reporting into Splunk. I'd just like to total up how many of each type there are and have it be readable. Thanks in advance! Michael ... View more

Hi there! Being new and still struggling mightily to master Splunk, I have an immediate need to create a search/report that looks at when new accounts are created in AD, and what those accounts are named. If I run this over 24 hours, I get a host of timestamped "zero" lines, as no accounts were created during that time. However, at some point, there may be creations of accounts, and it those and those alone that I wish to see. Thanks, and apologies if this is such a stupid and basic question! I'm trying to find a clue in the docs and in the book, but I'm still struggling. Michael ... View more