Re: Need help with SPLs to find list of my Splunk ...

SamHTexas · ‎09-23-2021

Please help with SPLs to find list of my Splunk server instances, FWs & Indexers. Need Splunk version & machine names & IPs. Thx a million in advance. What is the best order to upgrade them all to Splunk 8.2.2.?

SamHTexas · ‎09-23-2021

Thanks very much bro. for this. This SPL lists the FWs & their IPs only. Do u know how to get a list of Indexers & Splunk instances like Deployment server, Cluster master & etc plus their Splunk version & IPs? Thanks very much in advance.

ashvinpandey · ‎09-23-2021

@SamHTexas Try the below query and add the other required fields you want:

index=_internal source=*metrics.log* group=tcpin_connections 
| dedup hostname 
| table _time hostname os version sourceIp fwdType destPort ssl

Regarding upgrade please find the below official splunk documentation link for v8.2:
https://docs.splunk.com/Documentation/Splunk/8.2.2/Installation/HowtoupgradeSplunk

Also, If this reply helps you, an upvote would be appreciated.

SamHTexas · ‎10-22-2021

This is super bro. Thank u. What does the ssl (false) mean under the ssl column on the far right side? Thank u

Need help with SPLs to find list of my Splunk Instances, FWs & Indexers. Need Splunk version & machine names. Thx a mill

upgrade

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

.conf24 | Personalize your .conf experience with Learning Paths!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...