×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Ghost
New Member
Member since: ‎05-05-2025
‎05-05-2025
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎05-05-2025
View All

Re: Attempting to write a search to find all Crowd...

by in Splunk Search
‎05-05-2025 01:26 PM
‎05-05-2025 01:26 PM
i do have access to it its under index=falcon with a sourcetype="crowdstrike:events:sensor or crowdstrike*". Just trying to find a full proof way to view 100% of the hosts that have the agent installed with each of the hosts source IP. if I could get a true and false statement saying no crowdstrike  agent is installed on the list that would be great. But sadly im not that versed at Splunkfu.  ... View more

Attempting to write a search to find all CrowdStri...

by in Splunk Search
‎05-05-2025 12:49 PM
‎05-05-2025 12:49 PM
Hello, Got tasked with finding all hosts that didnt have the crowdstrike agent installed and running into problems with my searches.  Ive used the following "CSFalconservice.exe | stats count by host" & "index=*sourcetype="crowdstrike:events:sensor" | stats count by host" but its not giving me the information per each individual hosts.   V/r Ghost ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎05-05-2025 12:41 PM