Hello Splunkers!!
How to check the version of all the add-ons we are using on heavy forwarders. Like DB connect, solarwinds and so on by using any rest command in splunk.
Thanks in Advance.
@gcusello @aasabatini Why i was asked this question. Because i am upgrading my all the heavy forwarders and all the add-ons we have configured on HFs. So i need to make plan. I have to make compatible metrics also to support latest HF version with the latest version of add-ons. If there is any recommended approach then please let me know.
Hi @uagraw01,
about Splunk version, you could also use the Monitoring Console to have them.
About Add-Ons, you could use a Deployment server to deploy Add-Ons to the HFs so, you'll be sure about the version of all Add-Ons and you'll be able to centrally manage them.
Ciao.
Giuseppe
Hi @uagraw01
you can run this search directly on the HF
| rest splunk_server=local /services/apps/local | search update.version=* | table title version update.version
or you can run this search on the search head but you need to specify the hf server
@aasabatini From the search head it is not working while i am mentioning any hf name.
Hi @uagraw01.,
please try this:
| rest /services/apps/local
| table label version disabled
Ciao.
Giuseppe
hi @uagraw01,
sorry I forgot to say that you have to run this search on each Heavy Forwarder or add splunk_server:
| rest /services/apps/local splunk_server=<hostname>
| table label version disabled
Ciao.
Giuseppe
Hi @uagraw01,
sorry I forgot that this option is only for search peers.
You can run that search only on the Heavy Forwarders.
You could eventually schedula that search saving results in a csv file (with outputcsv command at the end) and then read that file and send it to Splunk using a file input.
Ciao.
Giuseppe
If/when (you really should) have a MC you could add all HFs as peers to it and create separate groups for those. Then you could use @gcusello ‘s rest query with splunk_server=<your group name here> To get this information from one place.
There is already idea for separate role for HFs / intermediate gateway forwarders in ideas.splunk.com, which could work better than add those as peers.
r. Ismo
@gcusello Yes i think i have to put this command on every heavy forwarder individually because we are using Splunk cloud.