Re: How to get the list of UF & HF in Splunk Cloud

alexspunkshell · ‎04-28-2022

How to get UF & HF list in Splunk Cloud

Roy_9 · ‎04-29-2022

@alexspunkshell You can view by navigating to forwarder management else you can try the below query

index="_internal" source="*metrics.lo*" group=tcpin_connections fwdType=uf | dedup hostname| table hostname,sourceIp,fwdType,guid,version,build,os,arch

alexspunkshell · ‎05-04-2022

@Roy_9 @richgalloway

How to check the forwarders/host which is not reporting for more than 60 days.

richgalloway · ‎05-04-2022

It's possible the computer was taken out of service.

If it's still there, login to the box and confirm the forwarder is present and running. Re-installed or restart it, as necessary. To help avoid this problem in the future, make sure the UF is configure to start at boot-up. Consider using GPO or similar features to ensure the UF stays installed and running.

---
If this reply helps you, Karma would be appreciated.

richgalloway · ‎04-28-2022

See the Forwarders menu in the Cloud Monitoring Console app.

---
If this reply helps you, Karma would be appreciated.

How to get the list of UF & HF in Splunk Cloud?

forwarder management

heavy forwarder

search head

universal forwarder

Simplifying the Analyst Experience with Finding-based Detections

[Puzzles] Solve, Learn, Repeat: Word Search

[Puzzles] Solve, Learn, Repeat: Advent of Code - Day 4

Join the Conversation