Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Definitive way to determine whether or not a machine is communicating with Splunk whether Windows or Unix?

infra2sec
Path Finder
‎07-29-2016 07:27 AM

Does anyone know how to generally quantify within a report or otherwise whether or not a system with an OS of any type is communicating with Splunk? I am sure that routers will be involved with my quest as well.

Thanks in advance.

Tags (1)
0 Karma
Reply

lycollicott
Motivator
‎07-29-2016 07:38 AM

index=_internal component=HttpPubSubConnection | table host | dedup host | sort host

0 Karma
Reply

twinspop
Influencer
‎07-29-2016 07:35 AM 
index=_internal  component=Metrics group=tcpin_connections

Those logs contain version and OS info. Slice and dice with stats as needed.

EDIT: Something like this, where _time will be the last time it logged:

EDIT EDIT: changed host to hostname (duh)

index=_internal  component=Metrics group=tcpin_connections | stats latest(_time) as _time latest(build) as Build latest(version) as SplunkVersion latest(os) as OS latest(fwdType) as SplunkType values(lastIndexer) as Indexers by hostname
0 Karma
Reply
Get Updates on the Splunk Community!

Fueling your curiosity with new Splunk ILT and eLearning courses

At Splunk Education, we’re driven by curiosity—both ours and yours! That’s why we’re committed to delivering ...

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Splunk AI Assistant for SPL has transformed how users interact with Splunk, making it easier than ever to ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureOn Demand Now Step boldly into the AI revolution with enhanced security ...