I do have the IP address of the instance but I have no idea how to pull any info from it. Any help is appreciated.
for more details you also can use splunk metadata command ..
https://docs.splunk.com/Documentation/SplunkCloud/6.6.3/SearchReference/Metadata
like ..
| metadata type=hosts index=_internal | where host="" | convert ctime(firstTime) ctime(lastTime) ctime(recentTime)
in result you will get the status of your splunk instance.
Try this on SH GUI
index=_internal host=your_host
You will see info regarding your host
On the left side of SH GUI you will see log_level field in which you will see error ,info and warning regarding your host so you can troubleshoot further.
You can use
index=_internal host=Your_host source=splunkd.log
In order to get the info about the splund process.
Hi thanks for your response in the place of host can i give host = ip address like this.
It should be field=value pair
host is your field and value is your host IP
Or else you can directly write
index=_internal "host_ip" NOT StreamedSearch
Let me know if it works!
if you can access the instance you can check :
$SPLUNK_HOME/bin/
./splunk status
this will show you if Splunk is running
is there any way to check from SH GUI
you can run a search against that instance to see if its returning data from the _internal index
ie:
index=_internal host=10.10.10.1 source=*splunkd.log*