Recently I've spent some time dealing with Splunk. Despite the fact that I have already done various Splunk searches before, for example in "Tracking software versions using Nessus and Splunk", the correlation of different events in Splunk seems to be a very different task. And there are not so many publicly available examples of this on the Internet. So, I decided to write a small post about it myself.

Disclaimer: I'm not a pro in Splunk. I don't have an idea if I am doing this the right way or in an optimal way. I just learned some tricks, they worked well for me, and I want to share them with you.

- Some software product should be installed on these hosts.
- We will send "host X is active" and "software is installed on host X" events to the Splunk server.
- We want to get some diagrams in Splunk that will show us on which hosts the software is installed and how the number of such hosts is changing in time.

As you can see, the task is quite trivial and it can be easily implemented in pure Python.

First of all, let's send some generated data to Splunk. I will create events for host1, host2 … host5 that are active, and events for host0, host1, host4 with installed software. Note host0, which is not among the active hosts. I will make JSON events and send them to Splunk using HTTP Event Collector. You can read more about it in my post "Export anything to Splunk with HTTP Event Collector".

To get the whole picture, I want to make a table where the first column is the name of the host, the second is "+" when the host is active, and the third is "+" if the software was installed on this host.

```
Index="test" type="active_host" | table host active_host | eval active_host = "+" | uniq
```

And create a table for installed software:

```
Index="test" type="software_installed" | table host software_installed | eval software_installed = "+" | uniq
```

But, as you can see, we are losing some hosts in this case:
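The three-column table described in this post, as an added example in pure Python (not the author's code or searches): it builds the post's sample events as HTTP Event Collector style JSON without sending them, then joins them per host. The event field names and the helper names `make_events`, `correlate` and `left_join_from_active` are assumptions; the last helper shows how a join that starts from active hosts only drops host0.

```python
import json

INDEX = "test"  # index name used in the post's searches


def make_events(active_hosts, installed_hosts, ts=1700000000):
    """Build HEC-style JSON payloads. Constructed sample data; nothing is sent."""
    events = []
    for h in active_hosts:
        events.append({"time": ts, "index": INDEX, "host": h,
                       "event": {"type": "active_host", "host": h}})
    for h in installed_hosts:
        events.append({"time": ts, "index": INDEX, "host": h,
                       "event": {"type": "software_installed", "host": h}})
    return [json.dumps(e) for e in events]


def correlate(raw_events):
    """Full outer join on host: one row per host seen in either event type."""
    rows = {}
    for raw in raw_events:
        ev = json.loads(raw)["event"]
        row = rows.setdefault(ev["host"],
                              {"active_host": "", "software_installed": ""})
        if ev["type"] in row:  # ignore event types the table has no column for
            row[ev["type"]] = "+"
    return [(h, r["active_host"], r["software_installed"])
            for h, r in sorted(rows.items())]


def left_join_from_active(raw_events):
    """Rows for active hosts only: hosts seen solely in software_installed drop out."""
    return [r for r in correlate(raw_events) if r[1] == "+"]


# Sample data from the post: host1..host5 active; software on host0, host1, host4.
SAMPLE = make_events(
    active_hosts=[f"host{i}" for i in range(1, 6)],
    installed_hosts=["host0", "host1", "host4"],  # host0 is not an active host
)

if __name__ == "__main__":
    print(f"{'host':<8}{'active_host':<13}software_installed")
    for host, active, installed in correlate(SAMPLE):
        print(f"{host:<8}{active:<13}{installed}")
```

The host0 row, software present on a host that never reported as active, only appears when the join keeps hosts from both event types.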