I am new to Splunk,
I am okey to use APIs to fetch the required details or even by running commands in the server, but i would like to know how to fetch the below details from the server:
1)which all roles are enabled for the server ?
2)what is the current status of each of them ?
any help is really appreciated.
@ kaushik_kmk I know this isnt a REST solution. From the license manager you can monitor the roles and status. Settings > Monitoring Console. This query will also tell you the status of the server:
index=_internal sourcetype=splunkd group=tcpin_connections hostname=<splunk_servers>
max(_time) as last_connected,
sum(kb) as sum_kb by guid, hostname
| eval connected_last = strftime(last_connected, "%F %T.%3N")
| eval status = if(isnull(sum_kb) or (sum_kb <= 0) or (last_connected < (info_max_time - 900)), "missing", "active")
| table hostname last_connected status
@jscraig2006 , Thank you for responding!
Exactly you are correct that we can view the status in the monitoring console, but how does the monitoring console fetch this information ???
If we have any API to fetch the information about the status of each role, i can use it for my purpose of doing health check.
@kaushik_kmk.. Gotcha.. Here is a link regarding all the Splunk API references. https://docs.splunk.com/Documentation/Splunk/8.0.1/RESTREF/RESTprolog
Hope this helps
I tried with the below,
https://myhost:8089/services/server/info ---> it gives me server roles:
Now, if my understanding is correct, can we check if each of the role is working correctly or not ? (running/stopped), if YES, HOW ?
Please correct me if the above statement is wrong.