Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I display multiple sources, hosts, and source types on a table?

maryamchar
Explorer
‎10-10-2018 02:48 PM

I want a table that shows my hosts, sources, source types, and indexes with some data feeds. How do I approach that?

i was thinking to do 

source=" source1" , host = " " sourcetype "sourcetype11 " , index= "index1" 
source="source2"  , host = " " sourcetype "sourcetype22 " , index= "index2" 

|table source, host, sourcetype, index

The above is not working and not giving me results. Is there an easy way to solve this problem? I'm using Splunk Enterprise search and reporting. Thanks!

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎10-10-2018 02:59 PM

Try | tstats count by source, host, sourcetype, index | table source host sourcetype index.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎10-10-2018 02:59 PM

Try | tstats count by source, host, sourcetype, index | table source host sourcetype index.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

maryamchar
Explorer
‎10-10-2018 03:09 PM

Thank you so much!!!

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...