How do you find other devices that are coming in from other source types within the networking index?

yzaari
New Member

Basically, I need to make sure that, from syslog-ng servers, they are tagging the right source types and source addresses (not the syslog server IP but the Network Device IP) and forwarding this syslog info over to Splunk.

0 Karma

prakash007
Builder

@yzaari: let's assume that your index=network. There are many ways to grab the info; I will list a few here...

| metadata type=hosts index=network
| tstats values(host) as hosts, values(sourcetype) as sourcetypes where index=network
| tstats values(sourcetype) values(host) where index=network group by index

https://docs.splunk.com/Documentation/Splunk/7.2.1/SearchReference/Metadata

0 Karma

yzaari
New Member

Thanks a lot, this is helpful.
I just don’t know why I am not seeing all of our devices in the network in the list.
Also I want to be able to use the Cisco networks dashboard and monitor all the devices in the network that are Cisco.

0 Karma

prakash007
Builder

Check your inputs.conf on your syslog (do you have any host_segment or host_regex in there?).
index=network | dedup host | table host (might give you hosts forwarding to that index)

0 Karma
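The inputs.conf check suggested in the last reply can be rehearsed offline. The script below is an added example, not code from the thread or from Splunk: it is a simplified model of how host_segment (the Nth "/"-separated path segment) and host_regex (the first capture group matched against the path) pick the host for a monitored file, run over a constructed syslog-ng directory layout. The paths, the fallback hostname syslog01 and the regex are assumptions.

```python
import ipaddress
import re

DEFAULT_HOST = "syslog01"  # assumed hostname of the syslog-ng server (fallback)
HOST_REGEX = r"/remote/(\d{1,3}(?:\.\d{1,3}){3})/"  # assumed layout

# Constructed sample: syslog-ng writing one directory per device IP.
SAMPLE_PATHS = [
    "/var/log/remote/10.20.1.1/cisco_ios.log",
    "/var/log/remote/10.20.1.2/cisco_asa.log",
    "/var/log/remote/catchall.log",
]

def resolve_host(path, host_segment=None, host_regex=None, default=DEFAULT_HOST):
    """Simplified model of the host a file monitor input assigns to `path`."""
    if host_segment is not None:
        # Nth "/"-separated segment of the path, counting from 1.
        segments = [s for s in path.split("/") if s]
        if 1 <= host_segment <= len(segments):
            return segments[host_segment - 1]
        return default
    if host_regex is not None:
        # First capture group matched against the path; no match -> default.
        m = re.search(host_regex, path)
        if m and m.re.groups and m.group(1):
            return m.group(1)
    return default

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def audit(paths, **settings):
    """Return (resolved hosts, paths whose host is not a device IP)."""
    resolved = {p: resolve_host(p, **settings) for p in paths}
    suspect = sorted(p for p, h in resolved.items() if not is_ip(h))
    return resolved, suspect

if __name__ == "__main__":
    for label, settings in [("no host setting", {}),
                            ("host_segment=4", {"host_segment": 4}),
                            ("host_regex", {"host_regex": HOST_REGEX})]:
        resolved, suspect = audit(SAMPLE_PATHS, **settings)
        print(f"{label}: hosts={sorted(set(resolved.values()))} suspect={suspect}")
```

Files listed as suspect are the ones that would show up in the index under the syslog server's name or a file name instead of a device IP, which is one reason devices can appear to be missing from a host list.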