Splunk Enterprise

powershell command to check if splunk is forwarding logs to splunk console

LinkLoop
Engager

Is there a powershell command to find out if splunk is indeed forwarding logs to splunk console? I can check if agent is installed andrunning but how about forwarding?

 

which log should i check for?

Labels (2)
0 Karma

tscroggins
Influencer

Hi @LinkLoop,

You can verify Splunk is connected to outputs with the list forward-server command:

& "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" list forward-server -auth admin:password

Active forwards:
        splunk.example.com:9997 (ssl)
Configured but inactive forwards:
        None

The command requires authentication, so you'll need to know the local Splunk admin username and password defined at install time.

If the local management port is disabled, the command will not be available. You can otherwise search local logs for forwarding activity:

Select-String -Path "C:\Program Files\SplunkUniversalForwarder\var\log\splunk\splunkd.log" -Pattern "Connected to idx="

Select-String -Path "C:\Program Files\SplunkUniversalForwarder\var\log\splunk\metrics.log" -Pattern "group=per_index_thruput, series=`"_internal`""

 

0 Karma
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...