Re: Splunkweb running or not on the forwarder

Cris · ‎10-30-2011

How can I check if the splunkweb service is started or not on the heavy forwarders?

Have I to index the web_service.log files for every forwarder and check it or is there a better way?

npandith · ‎11-03-2011

By default splunk forwarder will forward all the splunk logs to the indexer. If you have a look at inputs.conf under /opt/splunkforwarder/etc/system/local you can see that all the logs are being monitored.

[monitor://$SPLUNK_HOME/var/log/splunk]
index = _internal

You can also run "$SPLUNK_HOME/bin/splunk list monitor" to find what logs are being monitored.

Cris · ‎10-30-2011

Thank you for your answer.
I apologize but maybe my question was not very clear.
I meant to check the splunkweb service of the forwarders from the main indexer-searcher using a search command or an app without going on every server an launch the the status command.

gkanapathy · ‎10-30-2011

forwarders can send their internal logs to the indexers. whether they do this by default depends on the exact forwarder configuration as well as the specific version of the forwarder.

gkanapathy · ‎10-30-2011

You can just run:

$SPLUNK_HOME/bin/splunk status splunkweb

Splunkweb running or not on the forwarder

What's New in Splunk Observability - October 2025

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Are you a member of the Splunk Community?

Splunkweb running or not on the forwarder

What's New in Splunk Observability - October 2025

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...