Search: Get Splunk Universal Forwarder Version: Unterschied zwischen den Versionen
Admin (Diskussion | Beiträge) |
Admin (Diskussion | Beiträge) |
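--- a/Search: Get Splunk Universal Forwarder Version
+++ b/Search: Get Splunk Universal Forwarder Version
@@ -1,4 +1,13 @@
 == Splunk Query ==
 <pre>
-index="_internal" source="*metrics.lo*" group=tcpin_connections | dedup guid| eval sourceHost=if(isnull(hostname), sourceHost,hostname) | eval connectionType=case(fwdType=="uf","universal forwarder", fwdType=="lwf", "lightweight forwarder",fwdType=="full", "heavy forwarder", connectionType=="cooked" or connectionType=="cookedSSL","Splunk forwarder", connectionType=="raw" or connectionType=="rawSSL","legacy forwarder")| eval build=if(isnull(build),"n/a",build) | eval version=if(isnull(version),"pre 4.2",version) | eval guid=if(isnull(guid),sourceHost,guid) | eval os=if(isnull(os),"n/a",os)| eval arch=if(isnull(arch),"n/a",arch) | table sourceHost connectionType sourceIp sourceHost ssl ack build version os arch guid
+index="_internal" source="*metrics.lo*" group=tcpin_connections
+| dedup guid
+| eval sourceHost=if(isnull(hostname), sourceHost,hostname)
+| eval connectionType=case(fwdType=="uf","universal forwarder", fwdType=="lwf", "lightweight forwarder",fwdType=="full", "heavy forwarder", connectionType=="cooked" or connectionType=="cookedSSL","Splunk forwarder", connectionType=="raw" or connectionType=="rawSSL","legacy forwarder")
+| eval build=if(isnull(build),"n/a",build)
+| eval version=if(isnull(version),"pre 4.2",version)
+| eval guid=if(isnull(guid),sourceHost,guid)
+| eval os=if(isnull(os),"n/a",os)
+| eval arch=if(isnull(arch),"n/a",arch)
+| table sourceHost connectionType sourceIp sourceHost ssl ack build version os arch guid
 </pre>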
Aktuelle Version vom 12. August 2021, 08:54 Uhr
Splunk Query
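```Forwarder inventory: one row per forwarder seen in the tcpin_connections metrics events of the _internal index, with its type, build, version, OS, architecture and the ssl/ack fields. Only forwarders that sent data within the selected time range appear.```
index="_internal" source="*metrics.lo*" group=tcpin_connections
| eval sourceHost=if(isnull(hostname), sourceHost,hostname)
```The guid fallback has to run before dedup: dedup drops events whose dedup field is null unless keepempty=true, so forwarders that report no guid (the "pre 4.2" case handled below) would otherwise be removed before the fallback could apply.```
| eval guid=if(isnull(guid),sourceHost,guid)
| dedup guid
| eval connectionType=case(fwdType=="uf","universal forwarder", fwdType=="lwf", "lightweight forwarder",fwdType=="full", "heavy forwarder", connectionType=="cooked" or connectionType=="cookedSSL","Splunk forwarder", connectionType=="raw" or connectionType=="rawSSL","legacy forwarder")
| eval build=if(isnull(build),"n/a",build)
| eval version=if(isnull(version),"pre 4.2",version)
| eval os=if(isnull(os),"n/a",os)
| eval arch=if(isnull(arch),"n/a",arch)
```sourceHost was listed twice in the original table command; it is kept once. For patch and transport hygiene, review the version/build columns together with ssl.```
| table sourceHost connectionType sourceIp ssl ack build version os arch guid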