Knowledge Management
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Definitive way to determine whether or not a machine is communicating with Splunk whether Windows or Unix?

infra2sec
Path Finder
‎07-29-2016 07:27 AM

Does anyone know how to generally quantify within a report or otherwise whether or not a system with an OS of any type is communicating with Splunk? I am sure that routers will be involved with my quest as well.

Thanks in advance.

Tags (1)
0 Karma
Reply

lycollicott
Motivator
‎07-29-2016 07:38 AM

index=_internal component=HttpPubSubConnection | table host | dedup host | sort host

0 Karma
Reply

twinspop
Influencer
‎07-29-2016 07:35 AM 
index=_internal  component=Metrics group=tcpin_connections

Those logs contain version and OS info. Slice and dice with stats as needed.

EDIT: Something like this, where _time will be the last time it logged:

EDIT EDIT: changed host to hostname (duh)

index=_internal  component=Metrics group=tcpin_connections | stats latest(_time) as _time latest(build) as Build latest(version) as SplunkVersion latest(os) as OS latest(fwdType) as SplunkType values(lastIndexer) as Indexers by hostname
0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

Now On Demand Whether you're managing complex deployments or looking to future-proof your data ...

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...