
Helpful Splunk Queries

Cowboy Denny


Here are some helpful queries I've used.


Show all hosts in an index

| tstats count where index=infra_network by index sourcetype host
| metadata type=hosts index=infra_network




Find Audit Log Messages (this doesn't always work, since audit logs aren't always in Splunk)

index=net_ops_prod_infoblox sourcetype="Infoblox:audit"


Find Mac-Address

index=net_ops_prod_infoblox "54:bf:64:a5:e0:82"


Find DNS entries

index=net_ops_prod_infoblox sourcetype="infoblox:dns"


Find DHCP entries

index=net_ops_prod_infoblox sourcetype="infoblox:dhcp"



Another way of doing it

index=infra_network host=* sourcetype=f5:bigip:syslog
| stats count by host instance
| stats list(count) list(instance) by host


More coming
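An added example, not part of the original post, that builds on the "Show all hosts in an index" query: the metadata command also returns firstTime, lastTime, recentTime and totalCount per host, so the same search can flag hosts in index=infra_network that have stopped sending logs. The 24-hour silence threshold is an assumption; adjust it to how often the sources normally report.

```spl
| metadata type=hosts index=infra_network
| eval last_seen=strftime(lastTime, "%Y-%m-%d %H:%M:%S"),
       hours_silent=round((now() - lastTime) / 3600, 1)
| where lastTime < relative_time(now(), "-24h")
| table host last_seen hours_silent totalCount
| sort - hours_silent
```

Hosts that show up here were previously indexed but have gone quiet, which is worth checking before trusting that the absence of alerts means the absence of activity.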

