Search Results in Splunk
To view selected syslog data from Asset Manager in Splunk:
- On the Splunk Apps page, select Asset Manager App for Splunk.
- Select the Search tab.
- Enter your search criteria. Examples follow:
  - source="tcp:9997"
  - index=Asset Manager
  - sourcetype="Asset Manager_log_parser"
  - Combine all three into one search:
    index=Asset Manager sourcetype="Asset Manager_log_parser" source="tcp:9997"
Further example searches against the API-parser sourcetype (the `where` stage takes eval expressions, so null checks are written with `isnotnull()`):
- index=Asset Manager sourcetype="Asset Managerapiparser" * | table "Account ID" "Instance ID" "Public IP Address" Provider numberofinterfaces Name Region securitygroupsids{}{} | where isnotnull(numberofinterfaces) AND isnotnull(Provider) AND isnotnull(Name) AND isnotnull(Region) | rename securitygroupsids{}{} as securitygroupsids
- index=Asset Manager sourcetype="Asset Managerapiparser" * | table "First Observed" "Last Observed" "DNS name" active device_id Device_Type inbound IP_Address known MAC_Address Operating_System outbound scantypes{} protocols{} snmpaccessible snmpresponder target vendor version zoneid zonename | search "First Observed"=* OR "DNS name"=* OR "Last Observed"=* OR active=* OR device_id=* OR Device_Type=* OR inbound=* OR IP_Address=* OR known=* OR MAC_Address=* OR Operating_System=* OR outbound=* OR scantypes{}=* OR protocols{}=* OR snmpaccessible=* OR snmpresponder=* OR target=* OR vendor=* OR version=* OR zoneid=* OR zonename=*
- index=Asset Manager sourcetype="Asset Managerapiparser" | table os count time | fields - time | where isnotnull(count) AND isnotnull(os)
- index=Asset Manager sourcetype="Asset Managerapiparser" * source_name=* | table ip os devicetype dns mac ts
- index=Asset Manager sourcetype="Asset Managerapiparser" * | table integrationname enabled count ts | where isnotnull(integrationname)