Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

how to determine the inputs to the Splunk environments from Search Head console

vikram_m
Path Finder
‎12-20-2016 11:15 PM

I have 3 indexers and 1 search head. From the search head is it possible any way to determine how many are the UF or Forwarders configured to my Splunk Architecture.

I am into an assignment and the individual previously working has left. Now I am totally messed up so as to determine howmuch and from where the data is pushed into Splunk environment.

Thanks.
Vikram.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

esix_splunk
Splunk Employee
Splunk Employee
‎12-20-2016 11:31 PM

Look at the metadata command, over a given period it will show you what hosts are sending data to Splunk. 

| metadata type=hosts index=*
| fields - firstTime,totalCount,type
| convert ctime(lastTime) ctime(recentTime)
| table host ageInSeconds lastTime recentTime

You can also use type=sourcetypes here and see relative sourcetypes.

See docs here : https://docs.splunk.com/Documentation/Splunk/6.5.1/SearchReference/Metadata

Additionally, you can look at forwarder management on the DMC if you are using a more recent version and it will give you additional information such as topology and forwarder types coming in.

You can also look through _internal index and build from there..

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

esix_splunk
Splunk Employee
Splunk Employee
‎12-20-2016 11:31 PM

Look at the metadata command, over a given period it will show you what hosts are sending data to Splunk. 

| metadata type=hosts index=*
| fields - firstTime,totalCount,type
| convert ctime(lastTime) ctime(recentTime)
| table host ageInSeconds lastTime recentTime

You can also use type=sourcetypes here and see relative sourcetypes.

See docs here : https://docs.splunk.com/Documentation/Splunk/6.5.1/SearchReference/Metadata

Additionally, you can look at forwarder management on the DMC if you are using a more recent version and it will give you additional information such as topology and forwarder types coming in.

You can also look through _internal index and build from there..

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...