Number of Hosts Associated with a Serverclass

The following query will list the number of hosts associated with all serverclasses on your Splunk Deployment server. This query should be run on your Deployment Server.

Continue Reading →

Show Searches with Details (Who | When | What)

The following Splunk search will show a list of searches ran on a splunk server with the following details: Who ran the search What sourcetype was used What index was used What the search string was When the search was last ran

Continue Reading →

Index Modifications

This Splunk query should show which users attempted to modify an index and if that action was successful:

Continue Reading →

Dashboard and App views by user

This Splunk query / search shows historical access to dashboards and apps on a local splunk server.

Continue Reading →

Show Splunk User to Role mapping

The following Splunk REST query shows all roles, number of  capabilities, and landing app for each user.

Continue Reading →

Total Number of Hosts reporting in.

This query will list the total number of hosts reporting to the indexer for any specified time range. This only works for universal forwarders. If you have hosts reporting in over syslog (typically port 514) they will not be listed.

Continue Reading →

Detailed list of Universal Forwarders Reporting to Indexer

The following query will list in detail information on the universal forwarders checking into the indexer. I’ve renamed some of the fields to be more user-friendly.

Continue Reading →

Splunk User Search Activity

This will return a table of users who conducted searches, the total time it took for searches to complete, a count of said searches, and the last time a search was conducted. *NOTE* You will need to modify “splunk_server=local” specifically the “local” section to represent your Splunk server.

Continue Reading →

Internal Splunk User Modifications

This query will search the internal audit sourcetype of splunk and report on any user modification attempts, both success and fail.

Continue Reading →