- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
powershell command to check if splunk is forwarding logs to splunk console
LinkLoop
Engager
01-29-2025
07:16 AM
Is there a powershell command to find out if splunk is indeed forwarding logs to splunk console? I can check if agent is installed andrunning but how about forwarding?
which log should i check for?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
tscroggins
Influencer
4 weeks ago
Hi @LinkLoop,
You can verify Splunk is connected to outputs with the list forward-server command:
& "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" list forward-server -auth admin:password
Active forwards:
splunk.example.com:9997 (ssl)
Configured but inactive forwards:
None
The command requires authentication, so you'll need to know the local Splunk admin username and password defined at install time.
If the local management port is disabled, the command will not be available. You can otherwise search local logs for forwarding activity:
Select-String -Path "C:\Program Files\SplunkUniversalForwarder\var\log\splunk\splunkd.log" -Pattern "Connected to idx="
Select-String -Path "C:\Program Files\SplunkUniversalForwarder\var\log\splunk\metrics.log" -Pattern "group=per_index_thruput, series=`"_internal`""
