index=_internal sourcetype=splunk_python action="handleCreate"
| stats latest(_time) as _time by loginUsername indexName
0 comments
[0]
[0]
[0]
[0]
| rest splunk_server=local /servicesNS/-/Splunk_SA_CIM/data/models | fields title eai:data | spath input=eai:data path=objects{}.fields{} output=fields | mvexpand fields | spath input=fields | fields - eai:data fields
0 comments
[0]
[0]
[0]
[0]
| rest splunk_server=local /services/deployment/server/serverclasses | table title whitelist* blacklist*
0 comments
[0]
[0]
[0]
[0]
| rest splunk_server=local /services/deployment/server/clients | eval now=now(), diffTime=now-lastPhoneHomeTime, lastPhoneHomeTime=strftime(lastPhoneHomeTime,"%b %d, %Y %H:%M:%S") | search diffTime>86400 | table hostname ip instanceName utsname package splunkVersion lastPhoneHomeTime
0 comments
[0]
[0]
[0]
[0]
| rest splunk_server=local /services/deployment/server/clients | table hostname ip instanceName utsname package splunkVersion
0 comments
[0]
[0]
[0]
[0]
| rest /services/apps/local | search disabled IN ("false",0)| table title version description splunk_server
0 comments
[0]
[0]
[0]
[0]
index=* | stats count by _raw, index, sourcetype, source, host | where count>1
0 comments
[1]
[0]
[1]
[0]
index=* | stats count by _raw, index, sourcetype | where count>1 | stats values(sourcetype) as sourcetype by index
0 comments
[1]
[0]
[1]
[0]
index=_internal earliest=@d latest=now | stats latest(_time) as _time, values(view) as view, values(app) as app, values(uri) as uri by user
0 comments
[1]
[0]
[1]
[0]
index=_internal earliest=-5m latest=now sourcetype=splunk_web_access user!="internal_monitoring" user!="-" | stats count by user | fields - count
0 comments
[0]
[0]
[0]
[0]