Knowledge Management

In a distrubuted environment, how to find each server Role

splunk_sa
Explorer

We have several Splunk server set up by a contractor as distributed environment. I need to identify each server role. I tried .\splunk show shcluster-status but it just gives me cluster information.
I particularly need to find Deployment server role.

My second question is what is difference between Splunk Add on for Active Directory and Splunk App for Active Directory. what are the use of these components?
thanks a lot

Tags (1)
0 Karma
1 Solution

adonio
Ultra Champion

Hello splunk_sa
to find out the roles of server, you can run this command in search bar: | rest /services/server/info | table host host_fqdn server_roles
sometimes if not set properly, multiple servers will have same roles. another option is if all machines sends their data to indexer is search index = _internal and check who the clients are phoning home to. or you can look for the instance that shows clients on Forwarder Management" page. navigate to settings -> click forwarder management.
lastly, you can search for an instance that has directories (apps) in its .../etc/deployment-apps/ directory

regarding second question.
the app for AD https://splunkbase.splunk.com/app/1059/ seems like an old app that was last updated 4 years ago
the AD TA (add-on) https://splunkbase.splunk.com/app/3207/ is an app that assists in collecting AD data
some prebuilt dashboards and reports on AD data you can find in various otehr apps such as the app for Windows Infrastructure:
https://splunkbase.splunk.com/app/1680/

hope it helps

View solution in original post

0 Karma

adonio
Ultra Champion

Hello splunk_sa
to find out the roles of server, you can run this command in search bar: | rest /services/server/info | table host host_fqdn server_roles
sometimes if not set properly, multiple servers will have same roles. another option is if all machines sends their data to indexer is search index = _internal and check who the clients are phoning home to. or you can look for the instance that shows clients on Forwarder Management" page. navigate to settings -> click forwarder management.
lastly, you can search for an instance that has directories (apps) in its .../etc/deployment-apps/ directory

regarding second question.
the app for AD https://splunkbase.splunk.com/app/1059/ seems like an old app that was last updated 4 years ago
the AD TA (add-on) https://splunkbase.splunk.com/app/3207/ is an app that assists in collecting AD data
some prebuilt dashboards and reports on AD data you can find in various otehr apps such as the app for Windows Infrastructure:
https://splunkbase.splunk.com/app/1680/

hope it helps

0 Karma
Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...