Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to determine if forwarder is phoning home to deployment server

dolfantimmy
Path Finder
‎01-13-2015 10:00 AM

What is the easiest way to determine if a specific forwarder is phoning home to the deployment server?

Reply

anakor
Engager
‎07-23-2019 12:35 AM

How to check the list of Universal Forwarders in the CLI of the Deployment Server? (Splunk versions 6/7)

0 Karma
Reply

lguinn2
Legend
‎01-13-2015 10:31 AM

I like @chanfoli's answer, but you can also do this:

Splunk 6: Is the deployment client phoning home?

index=_internal (*phonehome* component=DC*) OR (component=DC:HandshakeReplyHandler) host=hostname
| sort _time
| table _time host log_level message

In Splunk 5, the Splunk internal log format was a bit different. You could also use a similar search to identify clients that were phoning home yesterday, but have not phoned home today:

index=_internal (*phonehome* component=DC*) OR (component=DC:HandshakeReplyHandler) earliest=-2d
| eval Day=if(_time>(now()-86400),"Today","Yesterday")
| chart count by host day
| where Yesterday>0 AND Today<0
Reply

chanfoli
Builder
‎01-13-2015 10:16 AM

Via splunk web on the deployment server. Go to settings->forwarder management, select the clients and type in part of the hostname in the filter text box. If it is phoning home it should show up there with app count and time since last phone-home.

Reply

dolfantimmy
Path Finder
‎01-13-2015 10:27 AM

Thank you for your response. However, when on the web ui on the deployment server, I see no "settings->forwarder management"

0 Karma
Reply

dolfantimmy
Path Finder
‎01-13-2015 10:27 AM

I should note, this is version 5.0.1

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...