Deployment Architecture

Ultimate Hostname from GUID

gabriel_vasseur
Contributor

This has been asked before but the solutions I have seen are only for indexers. The best one I've seen is:

 

| rest /services/cluster/config 
| fields splunk_server guid

 

But like I said this is only for indexers.

I want something for search heads.

Also, why not also include the cluster master, license manager, deployment server, search head deployer, and all the data forwarders, that would be quite useful.

Labels (2)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

A REST request to a cluster endpoint is valid only for cluster members (indexers).  To get GUIDs for other instance types you must send different requests.

For forwarders, try sending /services/deployment/server/clients to the Deployment Server.

For most other instances, try sending  /services/search/distributed/peers to the Monitoring Console..

You can send  /services/server/info to any instance to get that instance's GUID.

Each Splunk server logs its GUID to splunkd.log at startup.  If your internal logs go back far enough then you can fetch a list of GUIDs with a search something like this

index=_internal sourcetype=splunkd log_level=INFO component=ServerConfig "- My GUID is "
| dedup host
| rex "My GUID is (?<GUID>.*)"
| table host GUID

 

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway
SplunkTrust
SplunkTrust

A REST request to a cluster endpoint is valid only for cluster members (indexers).  To get GUIDs for other instance types you must send different requests.

For forwarders, try sending /services/deployment/server/clients to the Deployment Server.

For most other instances, try sending  /services/search/distributed/peers to the Monitoring Console..

You can send  /services/server/info to any instance to get that instance's GUID.

Each Splunk server logs its GUID to splunkd.log at startup.  If your internal logs go back far enough then you can fetch a list of GUIDs with a search something like this

index=_internal sourcetype=splunkd log_level=INFO component=ServerConfig "- My GUID is "
| dedup host
| rex "My GUID is (?<GUID>.*)"
| table host GUID

 

---
If this reply helps you, Karma would be appreciated.
Get Updates on the Splunk Community!

Demo Day: Strengthen Your SOC with Splunk Enterprise Security 8.1

Today’s threat landscape is more complex than ever. Security operation centers (SOCs) are overwhelmed with ...

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...