Created
November 9, 2017 17:16
-
-
Save faststeak/b75aca9770e7096a8e09eb47e12b984d to your computer and use it in GitHub Desktop.
Splunk Deployment Server - Search to find server class, app, and client info
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| | rest splunk_server=local /services/deployment/server/clients | |
| | fields applications.*, title,clientName, dns, ip, instanceName | |
| | foreach applications.*.archive | |
| [ eval apps=mvappend(apps, '<<FIELD>>')] | |
| | foreach applications.*.serverclasses | |
| [ eval serverClass=mvappend(serverClass, '<<FIELD>>')] | |
| | fields apps, serverClass, title, clientName, dns, ip, instanceName | |
| | rex field=apps max_match=100 "(?<app_name>[^\/]+)-\d+\.bundle" | |
| | fields - apps | |
| | stats dc(app_name) values(*) AS * by title |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment