Cowboy Denny
Posted August 2, 2022

Here are some helpful queries I've used.

GENERAL QUERIES

Show all hosts in an index

    | tstats count where index=infra_network by index sourcetype host

or

    | metadata type=hosts index=infra_network

INFOBLOX QUERIES

Find Audit Log Messages (which doesn't always work since audit logs are not always in Splunk)

    index=net_ops_prod_infoblox sourcetype="Infoblox:audit"

Find Mac-Address

    index=net_ops_prod_infoblox "54:bf:64:a5:e0:82"

Find DNS entries

    index=net_ops_prod_infoblox sourcetype="infoblox:dns"

Find DHCP entries

    index=net_ops_prod_infoblox sourcetype="infoblox:dhcp"

F5 QUERIES

Another way of doing it

    index=infra_network host=* sourcetype=f5:bigip:syslog
    | stats count by host instance
    | stats list(count) list(instance) by host

More coming