Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

how to determine the inputs to the Splunk environments from Search Head console

vikram_m
Path Finder
‎12-20-2016 11:15 PM

I have 3 indexers and 1 search head. From the search head is it possible any way to determine how many are the UF or Forwarders configured to my Splunk Architecture.

I am into an assignment and the individual previously working has left. Now I am totally messed up so as to determine howmuch and from where the data is pushed into Splunk environment.

Thanks.
Vikram.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

esix_splunk
Splunk Employee
Splunk Employee
‎12-20-2016 11:31 PM

Look at the metadata command, over a given period it will show you what hosts are sending data to Splunk. 

| metadata type=hosts index=*
| fields - firstTime,totalCount,type
| convert ctime(lastTime) ctime(recentTime)
| table host ageInSeconds lastTime recentTime

You can also use type=sourcetypes here and see relative sourcetypes.

See docs here : https://docs.splunk.com/Documentation/Splunk/6.5.1/SearchReference/Metadata

Additionally, you can look at forwarder management on the DMC if you are using a more recent version and it will give you additional information such as topology and forwarder types coming in.

You can also look through _internal index and build from there..

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

esix_splunk
Splunk Employee
Splunk Employee
‎12-20-2016 11:31 PM

Look at the metadata command, over a given period it will show you what hosts are sending data to Splunk. 

| metadata type=hosts index=*
| fields - firstTime,totalCount,type
| convert ctime(lastTime) ctime(recentTime)
| table host ageInSeconds lastTime recentTime

You can also use type=sourcetypes here and see relative sourcetypes.

See docs here : https://docs.splunk.com/Documentation/Splunk/6.5.1/SearchReference/Metadata

Additionally, you can look at forwarder management on the DMC if you are using a more recent version and it will give you additional information such as topology and forwarder types coming in.

You can also look through _internal index and build from there..

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...