Hi,
Below is the query i am using to get the hostname , IP addresses and last reported to splunk .
| metadata type=hosts index=apache_web splunk_server_group=abc | search [ | makeresults | eval host= apacheweb123 | table host | makemv host delim=" " | mvexpand host | eval host="*".host."*" | format ] | table host | append [ | makeresults | eval host=apacheweb123 | table host | makemv host delim=" " | mvexpand host ] | join [ search index=_internal hostname=* | stats count by hostname sourceIp | table hostname sourceIp | rename hostname as host ]
But the above search is not working when the server group is mentioned but i need server groups to make search faster over a large data . Any help to get the hostname , IP address , Last reported by including splunk_server_group would be appreciated.
↧