Hello all - hoping this isn't too difficult.
I am looking to export the IP addresses of all hosts logging to a specific index to a text file. I have this:
| metadata type=hosts index=[example index] | stats count by host
But this shows the name of the host. When I manually look through the logs, I don't see the source IP as a field. Just the hostname configured in the outputs.conf of each machine.
Then the second part is exporting them to a text file; is this accurate?
outputtext usexml=false | rename _xml as raw | fields raw | fields - _* | outputcsv results.txt
I believe this will export it to $SPLUNK_HOME/var/run/splunk/results.txt. Is it possible to change where it exports the txt file? I would like the text file placed in the Splunk web dir so the text file is hosted and can be queried by other devices.