How do we get list of forwarders and sourcetypes?

hemant_asnani · ‎03-05-2014

Could someone please help me with getting list of forwarders and sourcetypes for splunk?

somesoni2 · ‎03-05-2014

Guess you're looking for this

http://answers.splunk.com/answers/115672/count-list-host-count-by-sourcetype-sourcetype-by-index

lukejadamec · ‎03-05-2014

This will give you a list of hosts:
index=_internal source="C:\\Program Files\\Splunk\\var\\log\\splunk\\metrics.log" group=per_host_thruput|dedup series|table series|rename series AS Host

This will give you a list of sourcetypes:
index=_internal source="C:\\Program Files\\Splunk\\var\\log\\splunk\\metrics.log" group=per_sourcetype_thruput |dedup series|table series|rename series AS Sourcetype

Both of these searches are fast, but I've not figured out a way to combine them to get a list of sourcetypes per host.

This search will give you a list of sourcetypes by host, but it can be slow. One way to make it faster is to run the search in Fast Mode:

index="*" NOT index=_internal |fields + host sourcetype| dedup host sourcetype|table host by sourcetype

How do we get list of forwarders and sourcetypes?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!