Jump to content

Helpful Splunk Queries

Cowboy Denny

By Cowboy Denny,
in Splunk

 Share

Recommended Posts

Cowboy Denny Enthusiast

Cowboy Denny

Posted
Posted

Here are some helpful queries I've used.

GENERAL QUERIES

Show all hosts in an index 

| tstats count where index=infra_network by index sourcetype host
or
| metadata type=hosts index=infra_network

 

 

INFOBLOX QUERIES

Find Audit Log Messages (which doesn't always work since not always is audit logs in Splunk) 

index=net_ops_prod_infoblox sourcetype="Infoblox:audit"

 

Find Mac-Address 

index=net_ops_prod_infoblox "54:bf:64:a5:e0:82"

 

Find DNS entries 

index=net_ops_prod_infoblox sourcetype="infoblox:dns"

 

Find DHCP entries 

index=net_ops_prod_infoblox sourcetype="infoblox:dhcp"

 

F5 QUERIES

Another way of doing it 

index=infra_network host=* sourcetype=f5:bigip:syslog | stats count by host instance | stats list(count) list(instance) by host

 

More coming

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...