REST API response time

This is a Splunk query to measure REST API response time from the various rest URI’s in Splunk.

Credit goes to somesoni2 on answers.splunk.com! Query found here: https://answers.splunk.com/answers/112073/splunk-query-to-measure-rest-api-response-time.html

Continue Reading →

Get Sourcetype and Index Info via TSTATS

Use the following simple tstats query to return the latest time events came in for a given index as well as list all sourcetypes for each index:

Continue Reading →

Show Splunk User to Role mapping

The following Splunk REST query shows all roles, number of  capabilities, and landing app for each user.

Continue Reading →

Count of Splunk Errors Per Host

The following Splunk query will list the number of errors associated with each host over a given time range:

Continue Reading →

Traffic Volume by Forwarder

This Splunk search query will show you the top 10 “chattiest” forwarders on your network. I’ve used this query to determine why some forwarders were sending more data than others. The results are displayed in kilobits, you could use an eval to change it to the appropriate size for your network.

Continue Reading →