×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Ghost
New Member
Member since: a week ago
a week ago
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎05-05-2025
Topics I've Started
View All

Re: Attempting to write a search to find all Crowd...

by in Splunk Search
a week ago
a week ago
i do have access to it its under index=falcon with a sourcetype="crowdstrike:events:sensor or crowdstrike*". Just trying to find a full proof way to view 100% of the hosts that have the agent installed with each of the hosts source IP. if I could get a true and false statement saying no crowdstrike  agent is installed on the list that would be great. But sadly im not that versed at Splunkfu.  ... View more

Attempting to write a search to find all CrowdStri...

by in Splunk Search
a week ago
a week ago
Hello, Got tasked with finding all hosts that didnt have the crowdstrike agent installed and running into problems with my searches.  Ive used the following "CSFalconservice.exe | stats count by host" & "index=*sourcetype="crowdstrike:events:sensor" | stats count by host" but its not giving me the information per each individual hosts.   V/r Ghost ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
a week ago