Splunk search for Events per linux host
Copy
sourcetype=linux_secure | rex "\w{3}\s\d{2}\s\d{2}:\d{2}:\d{2}\s(?<hostname>\S+)" | stats count by hostname
This search will provide a count of raw events that each linux host is sending to Splunk.
0 comments
[0]
[0]
[0]
[0]
Sign in or Register to submit a comment