2 questions on the admin side:
Question 1: How many hosts are on each version of the Splunk Universal Forwarder?
index="_internal" source="*metrics.log*" group=tcpin_connections |dedup hostname |stats count(hostname) as TotalCount by hostname , version,os |table hostname ,version,os TotalCount
This query is returning results, but I need confirmation whether it is correct or not.
Question 2: Which Splunk version is each of our Splunk servers on?
I tried a REST query but it is not working; I need to list all the Splunk instances (SHC, IC, Deployer, Deployment Server and all).
They don't want to open the Monitor console; they want to have a custom dashboard for it.
Hi @mailtosnsolutio,
Question 1: You should remove hostname from the group-by clause to show the total count, and there is no need to dedup before stats. Adding fwdType=uf will show only UF instances.
index="_internal" source="*metrics.log*" group=tcpin_connections fwdType=uf
| stats dc(hostname) as TotalCount by version,os
Question 2:
You can use the REST query below on your monitoring console instance and collect it into a summary index. After that you will be able to query the summary index on any search instance:
| rest splunk_server_group=* /services/server/info | table host server_roles version
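The two steps described in this answer, as an added example that is not part of the original post: the first search is meant to be scheduled on the monitoring console and writes the REST output to a summary index, and the second is the dashboard search that reads it back on any search instance. The index name summary, the source label splunk_instance_versions and the field name instance_host are assumptions chosen for illustration; server_roles is joined into one string so it is stored as a single value.

```spl
| rest splunk_server_group=* /services/server/info
| eval server_roles=mvjoin(server_roles, ",")
| rename host as instance_host
| table instance_host server_roles version
| collect index=summary source="splunk_instance_versions"

index=summary source="splunk_instance_versions"
| stats latest(version) as version latest(server_roles) as server_roles by instance_host
| sort instance_host
```

The dashboard search only sees instances that were reachable from the monitoring console when the scheduled search last ran, so its time range should cover at least one schedule interval.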