Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Get sources configured under all apps in deployment server splunk

SrinivasaC
Path Finder
‎08-02-2016 06:10 AM

Hi,

We have 100 's of in our splunk system, what i need is, what are configured Forwarder Inputs in splunk system for all the apps using Splunk query.
i.e we have configured all the logs under inputs.conf for each app with monitor stanza around 100's of logs.

So I need to get all the logs files using Splunk Query.

Please help me.

Thanks in advance.

Tags (2)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎08-02-2016 08:02 AM

The metadata command may be what you are looking for.

| metadata type=sources

will give you a list of all sources.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

SrinivasaC
Path Finder
‎08-03-2016 03:51 AM

Thanks for your reply..
It's giving only reported logs/sources with in the time-frame (i.e. last 15mins, 60mins, 4hrs...etc..), but not configured sources under inputs.conf file in deployment server.

0 Karma
Reply

Runals
Motivator
‎08-03-2016 09:47 AM

Splunk doesn't track/log the config files in the deployment-apps directory so there isn't anything to search. You'd have to do something like have a script generate that data (ie cat) on some interval. You could add the directory to the list of inputs easy enough but once the files are read in Splunk will only read them in if they have changed which is why I mentioned the script.

0 Karma
Reply

SrinivasaC
Path Finder
‎08-11-2016 04:49 AM

Have you check out the DeploymentMonitor app. It ships with Splunk, but is not enabled by default.

To enable it, go to Manager -> Apps and click 'enable' for the SplunkDeploymentMonitor

Then you can choose DeploymentMonitor in the 'Apps' menu (it will not have much data to show right away, since it works with scheduled searches). You can set up alerts for 'quiet' or 'missing' forwarders.

source will help:
https://answers.splunk.com/answers/48209/best-way-to-alert-for-not-receiving-data-from-a-source.html

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...