Getting Data In

How to check server roles via the rest api?

anton085
Path Finder

Hi,

I am new to Splunk. I want to know if I can tell the differences of roles of Splunk servers using the REST API. For example, is it possible to know if a Splunk server is a heavy forwarder or a universal forwarder, or an indexer?

Thanks.

0 Karma

woodcock
Esteemed Legend

You can tell if it is a UF because that has a particular package that is different than the full enterprise package. The other roles are determined by how you configure it. For example, for a non-UF server, if it has a serverclass.conf file (which you can check with the REST API), then it is a DS. If it has an outputs.conf file, then it is a HF. If it has a distserach.conf file, then it is a Search Head (which covers MC, LC, DS, so this does not tell anything other than it is not an Indexer or UF).

0 Karma

tpickle
Splunk Employee
Splunk Employee

I know this is an old post but every Splunk enterprise server in a distributed deployment, except indexers, should have outputs.conf to forward its internal logs to the indexer(s). Also, the MC doesn't have a HF role designated, so I assume you aren't referring to MC roles here, just a function that server is performing. Is that right?

0 Karma

somesoni2
Revered Legend
0 Karma

anton085
Path Finder

I have looked into that REST API. I am trying out Splunk now so I am not sure whether some of the roles are associated with licenses or not. For now, my splunk enterprise installs have ["license_master","indexer"] roles and my universal forwarder has ["universal_forwarder","license_master"] roles. I cannot see "heavyweight_forwarder" in the roles endpoint although I have configured one enterprise instance to forward data. Is it related to licensing or do I need to use a deployment server to assign roles (and can it even be done with trial license)?

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...