Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

newbe question: How do I list machines reporting to my splunk server?

jawehren
Engager
‎10-22-2010 05:53 PM

How do I list machines reporting to my server?

Tags (1)
Reply

ftk
Motivator
‎10-22-2010 09:02 PM

This search will give you all hosts reporting to your indexer and the last time they forwarded data.

| metadata type=hosts index=foo | eval last_contact=now()-recentTime
Reply

muebel
SplunkTrust
SplunkTrust
‎10-22-2010 08:30 PM

Here are a couple searches that will get a list of hosts. This one will give you all machines in last 10 minutes reporting in:

* minutesago=10 | dedup host | stats list(host)

you can run this over any time frame you want... minutesago=30? Or, you can use the time picker and select "custom time" to look at all host reporting in during the time frame of your choice.

Here is another search that gives you all hosts reporting in, but also the number of events from each host:

* minutesago=10 | chart count(host) by host

The above search will give you each host reporting in during last 10 minutes, and also the number of events from that host. Lets you see who is most active.

0 Karma
Reply

southeringtonp
Motivator
‎10-22-2010 05:55 PM

Run the following search:

| metadata hosts
0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...