Last active
January 27, 2020 21:04
-
-
Save yorokobi/7c63e36c6c445f6f62f1 to your computer and use it in GitHub Desktop.
Client info from Deployment Server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| | rest /services/deployment/server/clients splunk_server=local | |
| | fields averagePhoneHomeInterval build clientName guid hostname lastPhoneHomeTime splunkVersion utsname | |
| | rex field=hostname "(?<sourceHost>[^\.]+)\.(?<sourceDomain>.+)" | |
| | eval sourceHost = if( isnull(sourceDomain), hostname, sourceHost ) | |
| | eval sourceHost = lower(sourceHost) | |
| | rex field=utsname "(?<os>[^\-]+)\-(?<arch>.+)" | |
| | eval os = case( os = "linux", "Linux", os = "windows", "Windows" ) | |
| | fields - utsname hostname | |
| | convert timeformat="%F %T" ctime(lastPhoneHomeTime) | |
| | table sourceHost sourceDomain os arch splunkVersion build guid clientName averagePhoneHomeInterval lastPhoneHomeTime updated | |
| | sort splunkVersion sourceHost sourceDomain |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment