Splunk search for Unique Linux Hosts Reporting Linux Secure

Copy
sourcetype=linux_secure | rex "\w{3}\s\d{2}\s\d{2}:\d{2}:\d{2}\s(?<hostname>\S+)" | stats dc(hostname) as "Unique Hosts"
This search will provide the number of unique hosts that are reporting data from the linux secure log. This search will not actually list out the hostnames but rather will provide only a count of unique hosts.
0 comments

Category:

Linux


Tags:

linux unique hosts

Search Commands:

Sign in or Register to submit a comment