Created January 15, 2015 21:39
REST Query on Splunk Deployment Server to obtain recent UF connections
| rest /services/deployment/server/clients splunk_server=local
| fields averagePhoneHomeInterval build clientName guid hostname lastPhoneHomeTime updated utsname
| rex field=hostname "(?<sourceHost>[^\.]+)\.(?<sourceDomain>.+)"
| eval sourceHost = if( isnull(sourceDomain), hostname, sourceHost )
| rex field=utsname "(?<os>[^\-]+)\-(?<arch>.+)"
| eval os = case( os = "linux", "Linux", os = "windows", "Windows", true(), os )
| fields - utsname hostname
| lookup version2build.csv build
| table sourceHost sourceDomain os arch version build guid clientName averagePhoneHomeInterval lastPhoneHomeTime updated
| sort version sourceHost sourceDomain