×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Karlit0
New Member
Member since: ‎11-26-2018
‎06-05-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎11-26-2018
View All

Re: How do you create a dashboard that indicates d...

by SplunkTrust in Dashboards & Visualizations
‎11-26-2018 07:42 AM
‎11-26-2018 07:42 AM
Hi Karlit0, you have to define a perimeter of your ingestion, in other words a lookup containing the list of the sources or the hosts that you're waiting for. In few words, if you need to check if all your hosts are sending logs, you have to create a lookup called e.g. Perimeter.csv, in which there's at least the host column. Then you have to run a search like the following: index=_internal | host=upper(host) | stats count BY host | append [ | inputlookup Perimeter.csv | eval host=upper(host), count=0 | fields host count ] | stats sum(count) AS Total BY host In this way all the hosts where Total = 0 are missing, instead host where Total > 0 are present. You can use this approach also to check othes things as sources or sourcetypes. Bye. Giuseppe ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM