![]() Splunk users search activity i ndex=_audit splunk_server=local action=search (id=* OR search_id=*) | stats count by Hostname version architectureĤ. | eval Hostname=if(isnull(hostname), sourceHost,hostname),version=if(isnull(version),"pre 4.2",version),architecture=if(isnull(arch),"n/a",arch) List of Forwarders Installed index="_internal" sourcetype=splunkd group=tcpin_connections NOT eventType=* | eventstats sum(b) as volume by idx, Dateģ. License usage by index index=_internal source=*license_usage.log type="Usage" splunk_server=*
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |