Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Servername and application.

SridharS
Path Finder
‎08-26-2015 10:28 AM

Hi, I am planning to create a dashboard. In that i need to know the servername replying to the headnode, server last update time, application that is using that server and the server platform(windows, linux.. etc). currently I am using 

  | metadata type=hosts | sort -recentTime | convert ctime(recentTime) as Latest_Time | table host, Latest_Time, totalCount

Can I know how it can be done.

Tags (2)
0 Karma
Reply

mlf
Path Finder
‎08-26-2015 02:07 PM

Assuming that by "applications" you mean Splunk apps deployed from a deployment server, and your deployment server is reachable from where ever you're searching, something like this might work:

| metadata type=hosts | sort -recentTime | convert ctime(recentTime) as Latest_Time | table host, Latest_Time, totalCount 
| join type=outer host [ 
   | rest /services/deployment/server/clients 
   | eval apps=" "
   | foreach applications.*.stateOnClient [ eval apps=if('<<FIELD>>'="enabled", apps."A"." <<MATCHSTR>>", apps) ] 
   | fields fields dns, utsname, apps 
   | rename dns as host 
] 
| fields host, Latest_Time, totalCount, utsname, apps
0 Karma
Reply
Get Updates on the Splunk Community!

Get the T-shirt to Prove You Survived Splunk University Bootcamp

As if Splunk University, in Las Vegas, in-person, with three days of bootcamps and labs weren’t enough, now ...

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...