Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Which Splunk version each of our Splunk servers are on ?

mailtosnsolutio
Explorer
‎04-20-2021 11:41 AM

2 Question on Admin Side :

Question 1 : How many hosts are on each version of the Splunk Universal Forwarder ?

index="_internal" source="*metrics.log*" group=tcpin_connections |dedup hostname |stats count(hostname) as TotalCount by hostname , version,os  |table hostname ,version,os TotalCount

this query returning results but as confirmation need to be confirm it correct or not ??

Question 2 :  Which Splunk version each of our Splunk servers are on ?

Tried rest query but it not working as need is i need to list down all the splunk instance means (SHC,IC,Deployer, Deployment server n all)

they dont want to open Monitor console , they want to be have Custom dashboard for it

 

 

Labels (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

scelikok
SplunkTrust
SplunkTrust
‎04-20-2021 10:24 PM

Hi @mailtosnsolutio,

Question 1: You should remove hostname from group by statement to show total count and there is no need dedup before stats. Adding fwdType=uf will show only UF instances.

index="_internal" source="*metrics.log*" group=tcpin_connections fwdType=uf 
| stats dc(hostname) as TotalCount by version,os

Question 2:

You can use below rest query on your monitoring console instance and collect it into a summary index. After that you will be able to query summary index on any search instance;

| rest splunk_server_group=* /services/server/info | table host server_roles version

 

If this reply helps you an upvote and "Accept as Solution" is appreciated.

View solution in original post

Reply
Solved! Jump to solution
Solution

scelikok
SplunkTrust
SplunkTrust
‎04-20-2021 10:24 PM

Hi @mailtosnsolutio,

Question 1: You should remove hostname from group by statement to show total count and there is no need dedup before stats. Adding fwdType=uf will show only UF instances.

index="_internal" source="*metrics.log*" group=tcpin_connections fwdType=uf 
| stats dc(hostname) as TotalCount by version,os

Question 2:

You can use below rest query on your monitoring console instance and collect it into a summary index. After that you will be able to query summary index on any search instance;

| rest splunk_server_group=* /services/server/info | table host server_roles version

 

If this reply helps you an upvote and "Accept as Solution" is appreciated.
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...