Splunk search for List of inputs
Copy
| rest /services/data/inputs/all | table index source sourcetype title starttime endtime interval | eval interval=if(isnull(interval),"Not a scripted input",interval) | fillnull value="Null" | eval starttime=strftime(starttime,"%b %d, %Y %H:%M:%S"), endtime=strftime(endtime,"%b %d, %Y %H:%M:%S") | rename index as Index, source as Source, sourcetype as Sourcetype, title as Title, starttime as "First Event" endtime as "Latest Event", interval as Interval
This search will show you a table of all data inputs including the following information: the index the data is going to, the source and sourcetype of the data, the title of the file/script being ingested, the start and end time of the input, and the interval (if a scripted input).
0 comments
[0]
[0]
[0]
[0]
Sign in or Register to submit a comment