-
2 years, 8 months ago
cm1805mason commented on the post, List of Universal Forwarders with Version
In reply to: SplunkNinja wrote a new post The following Splunk query will return results of any host using a universal forwarder to transmit data back to a Splunk indexer. The query will return hostname, version, as well as […] ViewJust Linux
index=”_internal” sourcetype=splunkd group=tcpin_connections NOT eventType=* source=”/opt/splunk/var/log/splunk/metrics.log” | eval Hostname=if(isnull(hostname), sourceHost,hostname) | eval version=if(isnull(version),”pre 4.2″,version) | eval architecture=if(isnull(arch),”n/a”,arch) | dedup hostname,_time | stats count by…[Read more]
-
2 years, 8 months ago
cm1805mason commented on the post, List of Universal Forwarders with Version
In reply to: SplunkNinja wrote a new post The following Splunk query will return results of any host using a universal forwarder to transmit data back to a Splunk indexer. The query will return hostname, version, as well as […] ViewFor Windows
index=”_internal” sourcetype=splunkd group=tcpin_connections NOT eventType=* source=”C:Program FilesSplunkUniversalForwardervarlogsplunkmetrics.log” | eval Hostname=if(isnull(hostname), sourceHost,hostname) | eval version=if(isnull(version),”pre 4.2″,version) | eval architecture=if(isnull(arch),”n/a”,arch) | dedup…[Read more]
-
2 years, 8 months ago
cm1805mason commented on the post, List of Login Attempts to Splunk
In reply to: CattyWampus wrote a new post This will return a list of users who attempted to login to the splunk searchhead. It will list both successful attempts and failed attempts. index=_audit tag=authentication | stats […] Viewindex=_audit tag=authentication | dedup user | stats count by user, info timestamp | sort – info
-
6 years, 10 months ago
cm1805mason became a registered member
-
6 years, 10 months ago
cm1805mason became a registered member
