How do I check if some servers are calling into ...

egreg7 · ‎07-13-2017

Please what is the Splunk search command to find out if a Server is calling into Splunk. I am trying to find out the number of Servers calling into splunk.

mattymo · ‎07-13-2017

do you mean forwarders forwarding data? or forwarders calling the deployment server?

for forwarders forwarding:

fast answer: index=_internal source=*metrics.log tcpin_connections | stats count by hostname

best practice: use the monitoring console to monitor your deployment with forwarder management dash - https://docs.splunk.com/Documentation/Splunk/6.6.2/DMC/ForwardersDeployment

another option: check out the meta woot app! https://splunkbase.splunk.com/app/2949/

If you are talking about the delpoyment server:

Use the forwarder MGMT page on the deployment server: https://docs.splunk.com/Documentation/Splunk/6.6.2/Updating/Forwardermanagementoverview

If you are talking about any server talking to a splunk instance. Use splunk stream! https://splunkbase.splunk.com/app/1809/

- MattyMo

How do I check if some servers are calling into splunk?

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation

How do I check if some servers are calling into splunk?

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...