| rest splunk_server=local /servicesNS/-/splunk_app_db_connect/configs/conf-identities
| rename title as user_title
| map [ | rest splunk_server=local /servicesNS/-/splunk_app_db_connect/configs/conf-db_connections | search disabled=0 AND identity="$user_title$" | eval username="$username$", domain_name="$domain_name$" ]
| table title connection_type database host identity username domain_name
0 comments
[1]
[1]
[1]
[1]
| rest splunk_server=local /servicesNS/-/splunk_app_db_connect/configs/conf-identities
0 comments
[1]
[1]
[1]
[1]
| rest splunk_server=local /servicesNS/-/splunk_app_db_connect/configs/conf-db_connections
0 comments
[1]
[1]
[1]
[1]
| tstats count where index=* by _time, _indextime, sourcetype | rename _* as * | eval diff_secs=indextime-time, diff_hours=diff_secs/60/60 | stats max(diff_secs) as diff_secs, max(diff_hours) as diff_hours by sourcetype
0 comments
[1]
[1]
[1]
[1]
| tstats count where index=* by _time, _indextime, index | rename _* as * | eval diff_secs=indextime-time, diff_hours=diff_secs/60/60 | stats max(diff_secs) as diff_secs, max(diff_hours) as diff_hours by index
1 comment
[1]
[1]
[1]
[1]
index=_internal sourcetype=splunk_python sendemail ERROR
0 comments
[1]
[1]
[1]
[1]
index=_introspection component=Hostwide | bin _time span=1d | stats values(data.splunk_version) by _time, host
0 comments
[2]
[1]
[2]
[1]
index=_audit action=search search=* user!=splunk-system-user provenance!=scheduler | table _time user search host total_run_time result_count | sort - _time
0 comments
[0]
[0]
[0]
[0]
| rest splunk_server=local /services/deployment/server/serverclasses | table title whitelist* blacklist*
0 comments
[0]
[0]
[0]
[0]
| rest splunk_server=local /services/deployment/server/clients | eval now=now(), diffTime=now-lastPhoneHomeTime, lastPhoneHomeTime=strftime(lastPhoneHomeTime,"%b %d, %Y %H:%M:%S") | search diffTime>86400 | table hostname ip instanceName utsname package splunkVersion lastPhoneHomeTime
0 comments
[1]
[1]
[1]
[1]