Deployment Architecture

How to determine the inputs to the Splunk environments from Search Head console

vikram_m
Path Finder

I have 3 indexers and 1 search head. From the search head, is there any way to determine how many UFs or forwarders are configured in my Splunk architecture?

I am on an assignment and the individual previously working on it has left. Now I am totally messed up as to how to determine how much data is pushed into the Splunk environment, and from where.

Thanks.
Vikram.

0 Karma
1 Solution

esix_splunk
Splunk Employee

Look at the metadata command; over a given period it will show you which hosts are sending data to Splunk.

| metadata type=hosts index=*
| eval ageInSeconds=now()-recentTime
| fields - firstTime,totalCount,type
| convert ctime(lastTime) ctime(recentTime)
| table host ageInSeconds lastTime recentTime

You can also use type=sourcetypes here and see relative sourcetypes.

See docs here: https://docs.splunk.com/Documentation/Splunk/6.5.1/SearchReference/Metadata

Additionally, you can look at forwarder management on the DMC if you are using a more recent version and it will give you additional information such as topology and forwarder types coming in.

You can also look through the _internal index and build from there.

0 Karma
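
Building from the _internal index as the answer suggests: an added example (not part of the original post) that inventories each forwarder connecting to the indexers, using the tcpin_connections metrics the indexers write to metrics.log. The 24-hour window and the 900-second "quiet" threshold are assumptions to adjust for your environment.

```spl
index=_internal source=*metrics.log* group=tcpin_connections earliest=-24h
| eval forwarder=coalesce(hostname, sourceHost)
| stats latest(_time) AS last_seen,
        latest(fwdType) AS fwd_type,
        latest(version) AS version,
        values(sourceIp) AS source_ip,
        dc(splunk_server) AS indexers,
        sum(kb) AS kb_received
        BY forwarder
| eval age_seconds=now() - last_seen,
       status=if(age_seconds > 900, "quiet", "active"),
       mb_received=round(kb_received/1024, 2)
| convert ctime(last_seen)
| table forwarder source_ip fwd_type version indexers mb_received last_seen age_seconds status
| sort - mb_received
```

This only covers data arriving over forwarder (splunktcp) connections. Hosts that appear in the metadata output but not here are being ingested through some other input and need to be traced separately.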