
How do I take an inventory of all my hosts, indexers, and forwarders at a medium-sized company?

SamHTexas
Builder

Hello team, in order to take an inventory of my indexers, forwarders, and hosts, what do I need to do to get started?

1. What SPL scripts would I need to use?

2. Should I be doing this off hours, or is the middle of the day fine as well?

Thank you


richgalloway
SplunkTrust

The Monitoring Console will know what your indexers are and can be set up to also monitor your forwarders.

How to inventory hosts depends on what you mean by "host".  If it just means those computers that are sending data to Splunk then you can do it using SPL.

| tstats count where index=* host=* by host
| fields - count

If you need an inventory of all computers in your company, then someone from the networking team may be able to help by providing a list of every machine that has connected to the network.  Failing that, someone may have to walk the floor(s) looking for computers.

---
If this reply helps you, Karma would be appreciated.
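
To act on the last point of the answer above, the hosts reporting to Splunk can be compared with the networking team's list to find machines that are on the network but not logging. This is an added example, not part of the original post: the CSV contents and the `hostname` column are constructed, and it assumes short host names are unique across DNS domains.

```python
import csv
import io

# Constructed sample: CSV export of the tstats search above (single "host" column).
SPLUNK_EXPORT = """host
WEB01.corp.example.com
db01
fw-edge
"""

# Constructed sample: list from the networking team (column names are assumptions).
NETWORK_LIST = """hostname,ip
web01,10.0.0.11
DB01.corp.example.com,10.0.0.12
hr-laptop-07,10.0.3.40
"""


def normalize(name):
    """Lower-case and drop the DNS suffix so WEB01.corp.example.com == web01."""
    name = name.strip().lower()
    # Leave IPv4 addresses intact; only strip domain suffixes from names.
    if name.replace(".", "").isdigit():
        return name
    return name.split(".", 1)[0]


def load_hosts(csv_text, column):
    """Return the set of normalized host names found in one CSV column."""
    reader = csv.DictReader(io.StringIO(csv_text))
    values = ((row.get(column) or "").strip() for row in reader)
    return {normalize(v) for v in values if v}


def reconcile(splunk_csv, network_csv, network_column="hostname"):
    """Compare hosts reporting to Splunk against the network inventory."""
    reporting = load_hosts(splunk_csv, "host")
    known = load_hosts(network_csv, network_column)
    return {
        "not_logging": sorted(known - reporting),       # on the network, no data in Splunk
        "not_in_inventory": sorted(reporting - known),  # in Splunk, unknown to networking
        "covered": sorted(known & reporting),
    }


if __name__ == "__main__":
    for bucket, hosts in reconcile(SPLUNK_EXPORT, NETWORK_LIST).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts in `not_logging` are coverage gaps for monitoring; hosts in `not_in_inventory` are sending data but are unknown to the network inventory.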


SamHTexas
Builder

I thank you, buddy. I have another couple of questions, please - it would really help me.

Please share how to get a complete list of forwarders in an environment (SPL).

I have tried a few scripts that I know, but they are not working. What search script would I use to get a list of forwarders and indexers that are having trouble or need updates?

Thank you, bro. You are a big help and thank you. Stay safe and healthy, and have a nice weekend too.
