Dashboards & Visualizations

Tips on creating a dashboard that reports the total number of hosts in the network?

AJeepDude
New Member

I have a search "host=192.168.68.0/23|table host |dedup host" that gives me a list of IP addresses. I would like to turn this into a dashboard item that will report the total number of hosts in this network. How can I do that?

0 Karma

damien_chillet
Builder

The classic way:

  host=192.168.68.0/23 | stats dc(host) as host_count

A bit more advanced (and faster):

| tstats dc(host) as host_count where index=<your_index> sourcetype=<your_sourcetype> host=192.168.68.0/23
0 Karma

renjith_nair
SplunkTrust
SplunkTrust

If you are looking for just count, this should work

<your search>|stats count by host|fields count
Happy Splunking!
0 Karma

cpetterborg
SplunkTrust
SplunkTrust

Actually if you want only the count of the number of hosts, you would have to do:

<your search> |stats count by host | stats count
0 Karma

niketn
Legend

@AJeepDude, I am not sure how your query is working. In the base search you have filtered only one host then table host should give you only one result. Can you provide the index or sourcetype for your base search?

If you have to find the total number of hosts, you should better try dbinspect which gives hostCount or metadata or tstats command specifically for such statistics. Read the documentation and based on your needs coming up with desired query should be easy.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

damien_chillet
Builder

The search is not filtering to one host, it is a CIDR Notation.
Splunk handles CIDR notations.

All hosts with an IP address in the 192.168.68.0/23 (512 possibilities here) network should be returned!

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...