Host not sending logs for x days

This Splunk Query will show hosts that stopped sending logs for at least 48 hours. You’ll want to change the time range to be relevant to your environment, and you may need to tweak the 48 hour range to something that is more appropriate for your environment.

Continue Reading →

Get Sourcetype and Index Info via TSTATS

Use the following simple tstats query to return the latest time events came in for a given index as well as list all sourcetypes for each index:

Continue Reading →