cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Cyber_Shinigami
Engager
Member since: yesterday
2 hours ago
Community Statistics
Posts 2
Solutions 0
Karma Given 3
Karma Received 0
Member Since ‎01-22-2025
View All

Re: How to grab all data that Splunk is collecting...

by in Dashboards & Visualizations
6 hours ago
6 hours ago
I totally understand where you are coming from and what you are saying.  Alas, I think at this point in time management is attempting to understand what Splunk is collecting so that we can better understand what Splunk might be potentially missing (such as, when someone stands up a server and doesn't tell someone). I have broken metrics down by time in a more readable format like (last 30 minutes or 24 hours) to test the SPL queries that I've been attempting.  That is why I have been focused on organizing the data by Host, Sourcetype, Source, and Index so that I could capture everything but understand the resource intensity associated with it. Additionally, I created a dashboard studio that showcases each data point listed above in their own tab, still showcases everything but isn't in one instance or table.  ... View more

How to grab all data that Splunk is collecting in ...

by in Dashboards & Visualizations
7 hours ago
7 hours ago
Hello Splunk Community,  I am very new to Splunk and was given the following task and could really use some help: To gather all data that Splunk is collecting and put it in a visually readable format for executives I have been trying very many things to accomplish this, such as, using Enterprise Security > Audit> Index Audit and Forwarder Audit. Trying to create custom classic dashboards and using Dashboard studio to play around with the data. Nothing seems to give me what I need.  I have also tried the following:  | tstats  values(source) as sources ,values(sourcetype) as sourcetype where index=* by host | lookup dnslookup clienthost as host OUTPUT  clientip as src_ip This method is very resource intensive and provides me with the information I need but the Source and Sourcetypes are incredibly long and make the table not easy to read for executives. Is there another way to do this?  ... View more
Contact Me
Online Status
Offline
Date Last Visited
2 hours ago
Karma given to