Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

newbe question: How do I list machines reporting to my splunk server?

jawehren
Engager
‎10-22-2010 05:53 PM

How do I list machines reporting to my server?

Tags (1)
Reply

ftk
Motivator
‎10-22-2010 09:02 PM

This search will give you all hosts reporting to your indexer and the last time they forwarded data.

| metadata type=hosts index=foo | eval last_contact=now()-recentTime
Reply

muebel
SplunkTrust
SplunkTrust
‎10-22-2010 08:30 PM

Here are a couple searches that will get a list of hosts. This one will give you all machines in last 10 minutes reporting in:

* minutesago=10 | dedup host | stats list(host)

you can run this over any time frame you want... minutesago=30? Or, you can use the time picker and select "custom time" to look at all host reporting in during the time frame of your choice.

Here is another search that gives you all hosts reporting in, but also the number of events from each host:

* minutesago=10 | chart count(host) by host

The above search will give you each host reporting in during last 10 minutes, and also the number of events from that host. Lets you see who is most active.

0 Karma
Reply

southeringtonp
Motivator
‎10-22-2010 05:55 PM

Run the following search:

| metadata hosts
0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...