Solved: Who is forwarding data

bc_unixadm · ‎04-27-2010

How can I tell which servers in my enterprise are forwarding to the master server. We do automated installs of vm's and splunk is automated to install and start but I would like to have a picture or list from within the app to show that I am receiving data from the servers after installation.

Thanks Mark

muebel · ‎04-27-2010

one way is to run the following search to give an idea of which hosts are fowarding how many events

* | chart count(host) by host

Run this over the last 15 minutes.

View solution in original post

kbecker · ‎04-27-2010

This will give you a list of the hosts that Splunk knows about... | metadata type=hosts | fields host

View solution in original post

kbecker · ‎04-27-2010

This will give you a list of the hosts that Splunk knows about... | metadata type=hosts | fields host

bc_unixadm · ‎04-27-2010

Both solutions work.. Thanks to both.

muebel · ‎04-27-2010

one way is to run the following search to give an idea of which hosts are fowarding how many events

* | chart count(host) by host

Run this over the last 15 minutes.

bc_unixadm · ‎04-27-2010

Both solutions work, thanks very much has made my manual process automated.

bc_unixadm · ‎04-27-2010

Solution is what I was looking for.

Who is forwarding data

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!