Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

how to determine the inputs to the Splunk environments from Search Head console

vikram_m
Path Finder
‎12-20-2016 11:15 PM

I have 3 indexers and 1 search head. From the search head is it possible any way to determine how many are the UF or Forwarders configured to my Splunk Architecture.

I am into an assignment and the individual previously working has left. Now I am totally messed up so as to determine howmuch and from where the data is pushed into Splunk environment.

Thanks.
Vikram.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

esix_splunk
Splunk Employee
Splunk Employee
‎12-20-2016 11:31 PM

Look at the metadata command, over a given period it will show you what hosts are sending data to Splunk. 

| metadata type=hosts index=*
| fields - firstTime,totalCount,type
| convert ctime(lastTime) ctime(recentTime)
| table host ageInSeconds lastTime recentTime

You can also use type=sourcetypes here and see relative sourcetypes.

See docs here : https://docs.splunk.com/Documentation/Splunk/6.5.1/SearchReference/Metadata

Additionally, you can look at forwarder management on the DMC if you are using a more recent version and it will give you additional information such as topology and forwarder types coming in.

You can also look through _internal index and build from there..

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

esix_splunk
Splunk Employee
Splunk Employee
‎12-20-2016 11:31 PM

Look at the metadata command, over a given period it will show you what hosts are sending data to Splunk. 

| metadata type=hosts index=*
| fields - firstTime,totalCount,type
| convert ctime(lastTime) ctime(recentTime)
| table host ageInSeconds lastTime recentTime

You can also use type=sourcetypes here and see relative sourcetypes.

See docs here : https://docs.splunk.com/Documentation/Splunk/6.5.1/SearchReference/Metadata

Additionally, you can look at forwarder management on the DMC if you are using a more recent version and it will give you additional information such as topology and forwarder types coming in.

You can also look through _internal index and build from there..

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...