Solved: How to search for all devices in my environment th...

AaronMoorcroft · ‎09-17-2015

Morning Guys

I'm mid plan for ripping out our Splunk environment and starting again. As some of you may be aware from my past questions, I inherited our current Splunk environment which I don't believe was in a great state.

I'm looking at effectively starting fresh, but I don't know of all the devices sending in logs. Is there a search I can run that will pick up everything, Servers, Network Devices, everything else?

I have multiple Heavy Forwarders sending on logs from all over the place, all going to one indexer with a mini Splunk environment bolted on to that too. If someone could advise that would be awesome.

Thanks as always

alacercogitatus · ‎09-17-2015

You can run thorough all of the metadata.

|metadata type=hosts index=*

This will pull the metadata host value for anything on your indexer. This would be a quick starting point for you.

View solution in original post

alacercogitatus · ‎09-17-2015

You can run thorough all of the metadata.

|metadata type=hosts index=*

This will pull the metadata host value for anything on your indexer. This would be a quick starting point for you.

AaronMoorcroft · ‎09-18-2015

Thank you 🙂

brewster88 · ‎02-04-2019

Extremely useful answer, life saver today!

How to search for all devices in my environment that are sending logs to Splunk?

Introducing the Splunk Community Dashboard Challenge!

Get the T-shirt to Prove You Survived Splunk University Bootcamp

Wondering How to Build Resiliency in the Cloud?