To get the list of datasources in splunk

AL3Z · ‎12-01-2023

Hi,

I am trying to get the information how many datasources and endpoints we have Integrated in to splunk.How can we get this information can anyone pls provide me a query to find this ..

AL3Z · ‎12-01-2023

@gcusello @richgalloway
Please correct me if I'm mistaken, but the source is where the data begins, while the endpoint acts as the destination or host where the data is either stored or received.

richgalloway · ‎12-01-2023

Computer terms can be confusing since they often have several meanings.

"source" is where the data comes from. In Splunk metadata, the source is the name of the file from which the data originated. "source" can also refer to the originating server or app.

"endpoint" usually refers to a user workstation, but a specific REST command is also an endpoint.

---
If this reply helps you, Karma would be appreciated.

gcusello · ‎12-01-2023

Hi @AL3Z ,

as I said, with my search you have the list of all data flows (sourcetypes) for each endpoint (host).

Ciao.

Giuseppe

richgalloway · ‎12-01-2023

There's also this method to get a list of data sources

| tstats count where index=* by source

---
If this reply helps you, Karma would be appreciated.

gcusello · ‎12-01-2023

Hi @AL3Z ,

you could use one of these searches:

list of endpoints:

| tstats count WHERE index=* BY host

list of data sources:

| tstats count WHERE index=* BY sourcetype

you can also gave both the information in pone search:

| tstats values(sourcetype) AS sourcetype count WHERE index=* BY host

Ciao.

Giuseppe

To get the list of datasources in splunk

stats

Index This | I’m short for "configuration file.” What am I?

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Your Guide to SPL2 at .conf24!