
Helpful Splunk Queries


Cowboy Denny


Here are some helpful queries I've used.

GENERAL QUERIES

Show all hosts in an index

| tstats count where index=infra_network by index sourcetype host
or
| metadata type=hosts index=infra_network

INFOBLOX QUERIES

Find audit log messages (which doesn't always work, since the audit logs aren't always in Splunk)

index=net_ops_prod_infoblox sourcetype="Infoblox:audit"

Find MAC address

index=net_ops_prod_infoblox "54:bf:64:a5:e0:82"

Find DNS entries

index=net_ops_prod_infoblox sourcetype="infoblox:dns"

Find DHCP entries

index=net_ops_prod_infoblox sourcetype="infoblox:dhcp"

F5 QUERIES

Another way of doing it

index=infra_network host=* sourcetype=f5:bigip:syslog | stats count by host instance | stats list(count) list(instance) by host

More coming
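The three query shapes in the post (a `tstats` count by index/sourcetype/host, a literal MAC-address search, and the two-stage `stats` over F5 syslog) modelled offline in Python, as an added example that is not part of the original post and not Splunk's own code. Only the index and sourcetype names are taken from the post; the events, host names, `instance` values and function names (`hosts_in_index`, `find_mac`, `f5_instance_summary`) are constructed for illustration, and the DHCP lines are written in ISC dhcpd style.

```python
"""Offline model of the SPL queries in the post, run over constructed sample events.

Added example, not part of the original post. The events below are constructed
for illustration (DHCP lines in ISC dhcpd style, generic F5 syslog lines); only the
index and sourcetype names are taken from the post.
"""
import re
from collections import Counter, defaultdict

# Constructed sample events, shaped like the Splunk fields the queries depend on.
EVENTS = [
    {"index": "infra_network", "sourcetype": "f5:bigip:syslog", "host": "lb01",
     "instance": "vs_web", "_raw": "Aug 1 10:00:00 lb01 notice tmm[1]: vs_web pool member up"},
    {"index": "infra_network", "sourcetype": "f5:bigip:syslog", "host": "lb01",
     "instance": "vs_api", "_raw": "Aug 1 10:00:01 lb01 notice tmm[1]: vs_api pool member up"},
    {"index": "infra_network", "sourcetype": "f5:bigip:syslog", "host": "lb01",
     "instance": "vs_web", "_raw": "Aug 1 10:00:02 lb01 notice tmm[1]: vs_web pool member down"},
    {"index": "infra_network", "sourcetype": "f5:bigip:syslog", "host": "lb02",
     "instance": "vs_web", "_raw": "Aug 1 10:00:03 lb02 notice tmm[1]: vs_web pool member up"},
    {"index": "infra_network", "sourcetype": "cisco:ios", "host": "sw01",
     "_raw": "Aug 1 10:00:04 sw01 %LINK-3-UPDOWN: Interface Gi1/0/1, changed state to up"},
    {"index": "net_ops_prod_infoblox", "sourcetype": "infoblox:dhcp", "host": "ib01",
     "_raw": "Aug 1 10:00:05 ib01 dhcpd[2]: DHCPACK on 10.0.0.5 to 54:bf:64:a5:e0:82 via eth1"},
    {"index": "net_ops_prod_infoblox", "sourcetype": "infoblox:dhcp", "host": "ib01",
     "_raw": "Aug 1 10:00:06 ib01 dhcpd[2]: DHCPREQUEST for 10.0.0.9 from 00:11:22:33:44:55 via eth1"},
    {"index": "net_ops_prod_infoblox", "sourcetype": "infoblox:dns", "host": "ib01",
     "_raw": "Aug 1 10:00:07 ib01 named[3]: client 10.0.0.5#5353: query: www.example.com IN A"},
]


def hosts_in_index(events, index):
    """`| tstats count where index=<index> by index sourcetype host`, as a sorted list."""
    counts = Counter((e["index"], e["sourcetype"], e["host"])
                     for e in events if e["index"] == index)
    return sorted(counts.items())


# Colon- or hyphen-separated and Cisco dotted-quad MAC forms.
MAC_RE = re.compile(
    r"\b(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}\b|\b(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}\b", re.I)


def normalize_mac(mac):
    """Canonical lowercase colon form, whatever delimiter the source used."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def find_mac(events, index, mac):
    """Like `index=<index> "<mac>"`, but delimiter-agnostic: matches any MAC spelling."""
    wanted = normalize_mac(mac)
    return [e["_raw"] for e in events if e["index"] == index
            and wanted in {normalize_mac(m.group(0)) for m in MAC_RE.finditer(e["_raw"])}]


def f5_instance_summary(events, index="infra_network", sourcetype="f5:bigip:syslog"):
    """`| stats count by host instance | stats list(count) list(instance) by host`."""
    # First stats: one count per (host, instance); events without `instance` drop out,
    # as `stats ... by` ignores events that lack a split-by field.
    per_pair = Counter((e["host"], e["instance"]) for e in events
                       if e["index"] == index and e["sourcetype"] == sourcetype
                       and e.get("instance"))
    # Second stats: collapse to one row per host with parallel list() fields.
    by_host = defaultdict(lambda: {"instance": [], "count": []})
    for (host, inst), n in sorted(per_pair.items()):
        by_host[host]["instance"].append(inst)
        by_host[host]["count"].append(n)
    return dict(by_host)


if __name__ == "__main__":
    for row in hosts_in_index(EVENTS, "infra_network"):
        print(row)
    print(find_mac(EVENTS, "net_ops_prod_infoblox", "54-BF-64-A5-E0-82"))
    print(f5_instance_summary(EVENTS))
```

`find_mac` goes a step beyond the post's query on purpose: a quoted string in Splunk only matches the exact spelling the source emits, so a colon-delimited search misses the same address logged in hyphenated or Cisco dotted form by another device; normalizing both sides before comparing avoids that. The `f5_instance_summary` output also shows why the second `stats` is useful: the `list()` fields line up positionally, so each host's instances and their counts land in one row.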
