Splunk Search

How to search for all devices in my environment that are sending logs to Splunk?

AaronMoorcroft
Communicator

Morning Guys

I'm mid plan for ripping out our Splunk environment and starting again. As some of you may be aware from my past questions, I inherited our current Splunk environment which I don't believe was in a great state.

I'm looking at effectively starting fresh, but I don't know of all the devices sending in logs. Is there a search I can run that will pick up everything, Servers, Network Devices, everything else?

I have multiple Heavy Forwarders sending on logs from all over the place, all going to one indexer with a mini Splunk environment bolted on to that too. If someone could advise that would be awesome.

Thanks as always

0 Karma
1 Solution

alacercogitatus
SplunkTrust
SplunkTrust

You can run thorough all of the metadata.

|metadata type=hosts index=*

This will pull the metadata host value for anything on your indexer. This would be a quick starting point for you.

View solution in original post

alacercogitatus
SplunkTrust
SplunkTrust

You can run thorough all of the metadata.

|metadata type=hosts index=*

This will pull the metadata host value for anything on your indexer. This would be a quick starting point for you.

AaronMoorcroft
Communicator

Thank you 🙂

0 Karma

brewster88
New Member

Extremely useful answer, life saver today!

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...