- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Is there a REST API to remove missing forwarders?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have already found documentation on updating the "DMC Forwarder - Build Asset Table" with a post as referenced here:
https://answers.splunk.com/answers/426211/is-there-a-rest-api-call-to-rebuild-the-forwarder.html
This does not actually achieve what I wish to do. We wish to automate via an API call how one rebuilds forwarder assets in Splunk. This is done in Splunk Web in the Distributed Management Console (DMC)->settings->Forwarder Monitoring Setup and then I can set the data collection interval and hit the button "Rebuild Forwarder Assets". I want an API call to do that. Is this possible?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
https://host:8089/services/deployment/server/clients?count=0 to pull the full Universal Forwarder list.
https://docs.splunk.com/Documentation/Splunk/6.5.2/RESTREF/RESTdeploy
deployment/server/clients/{name}
https://:/services/deployment/server/clients/{name}
Get client information or remove a client.
DELETE
Remove the specified client from the deployment server registry. The next time the client "phones home" the record is re-created.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
https://host:8089/services/deployment/server/clients?count=0 to pull the full Universal Forwarder list.
https://docs.splunk.com/Documentation/Splunk/6.5.2/RESTREF/RESTdeploy
deployment/server/clients/{name}
https://:/services/deployment/server/clients/{name}
Get client information or remove a client.
DELETE
Remove the specified client from the deployment server registry. The next time the client "phones home" the record is re-created.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks! @ppeterson
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @ppeterson. After looking more into this, it turns out we don't have our deployment server set up because we use a 3rd party tool to set up splunk instances. Is there any other API call that can remove missing forwarders outside of the deployment server route? Or is there a macro that can be utilized?
Enterprise Security Content Update (ESCU) | New Releases
Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?
Index This | What are the 12 Days of Splunk-mas?
