| rest splunk_server=local /services/deployment/server/clients | table hostname ip instanceName utsname package splunkVersion
```Inventory of deployment clients from the deployment/server/clients REST endpoint: host name, IP, instance name, utsname, package and Splunk version per client.```
```splunk_server=local sends the REST call only to the instance running the search, so run it on the deployment server. The splunkVersion column shows which forwarders still run old builds.```
| rest splunk_server=local /services/deployment/server/applications | search serverclass=* | table title serverclasses stateOnClient
```Lists deployment-server apps that carry a serverclass value, with the server classes they belong to and the state pushed to the client (stateOnClient).```
```NOTE(review): the filter uses the field serverclass while the table shows serverclasses - confirm the filter field exists on this endpoint, otherwise every row is dropped.```
| rest /services/apps/local | search disabled IN ("false",0)| table title version description splunk_server
```Enabled apps (disabled is "false" or 0) with version and description. No splunk_server argument is given, so the splunk_server column tells which instance reported each app.```
```Use the version column to check installed apps and add-ons against vendor advisories.```
index=_internal sourcetype=splunkd earliest=-7d latest=now component=BucketMover | rex field=bkt "/opt/splunk/var/lib/splunk/cold/(?<frozen_index>[^/]+)" | stats count by frozen_index
```Counts BucketMover events from the last 7 days per index, taking the index name from the directory that follows .../cold/ in the bkt field.```
```The path /opt/splunk/var/lib/splunk/cold/ is hard-coded: events whose bkt path differs (other install root or custom coldPath) get no frozen_index and are left out of the count.```
```NOTE(review): the search does not filter on the BucketMover message text, so it presumably counts every BucketMover event touching a cold bucket - confirm it only reflects freezing.```
index=* | stats count by _raw, index, sourcetype, source, host | where count>1
```Finds duplicated events: raw text that occurs more than once with the same index, sourcetype, source and host.```
```No earliest/latest is set, so the time range comes from the time picker; index=* does not cover internal (underscore) indexes.```
```Grouping by _raw over every index can be very expensive - narrow the index and time range before running this on a production search head.```
index=* | stats count by _raw, index, sourcetype | where count>1 | stats values(sourcetype) as sourcetype by index
```Summary form of the duplicate check: for each index, the sourcetypes that contain at least one raw event seen more than once.```
```source and host are not part of the grouping, so identical lines sent by different hosts also count as duplicates here.```
```Time range comes from the time picker; grouping by _raw over all indexes can be very expensive, so narrow the scope first.```
index=_internal earliest=@d latest=now | stats latest(_time) as _time, values(view) as view, values(app) as app, values(uri) as uri by user
```Per-user activity since midnight (earliest=@d): last time the user appeared in _internal plus the views, apps and URIs recorded for that user.```
```Only events that carry a user field are grouped. NOTE(review): no sourcetype or user filter is applied, so placeholder values such as "-" may appear as users - filter them if this feeds a review of account activity.```
index=_internal earliest=-5m latest=now sourcetype=splunk_web_access user!="internal_monitoring" user!="-" | stats count by user | fields - count
```Distinct users with Splunk Web access-log events in the last 5 minutes, excluding the internal_monitoring account and the "-" placeholder.```
```stats count by user followed by fields - count leaves one row per user. This approximates who is active right now; it is not an authoritative session list.```
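index=_audit sourcetype=audittrail savedsearch_name="<insert search title>" earliest=-365d | stats earliest(_time) as created | eval created=strftime(created,"%m/%d/%Y %H:%M:%S")
```Approximates when a saved search was created: the time of its earliest audittrail event in the last 365 days, formatted as MM/DD/YYYY HH:MM:SS.```
```The title placeholder is quoted so that a title containing spaces is matched as one value instead of being split into separate search terms.```
```The result is only the first event still present in _audit within the window; if audit retention is shorter or the search is older than 365 days, the real creation time is earlier.```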
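| rest splunk_server=local /servicesNS/-/-/saved/searches | where match('action.correlationsearch.enabled',"^(?i)(1|true)$") | table title search updated
```Lists saved searches across all owners and apps (the -/- wildcards) whose action.correlationsearch.enabled is 1 or true, with the search string and last update time.```
```The pattern is anchored (^...$) so only the exact values 1 or true, in any letter case, qualify rather than any value that merely contains them.```
```NOTE(review): the endpoint presumably returns only objects the calling user can read - run this with a role that can see every app to get a complete detection inventory.```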