Splunk Search

How do I check if some servers are calling into Splunk?

egreg7
Engager

Please, what is the Splunk search command to find out if a server is calling into Splunk? I am trying to find out the number of servers calling into Splunk.

0 Karma

mattymo
Splunk Employee

Do you mean forwarders forwarding data, or forwarders calling the deployment server?

For forwarders forwarding:

Fast answer:

index=_internal source=*metrics.log tcpin_connections
| stats count by hostname

Best practice: use the monitoring console to monitor your deployment with forwarder management dash - https://docs.splunk.com/Documentation/Splunk/6.6.2/DMC/ForwardersDeployment

Another option: check out the meta woot app! https://splunkbase.splunk.com/app/2949/

If you are talking about the deployment server:

Use the forwarder MGMT page on the deployment server: https://docs.splunk.com/Documentation/Splunk/6.6.2/Updating/Forwardermanagementoverview

If you are talking about any server talking to a Splunk instance, use Splunk Stream! https://splunkbase.splunk.com/app/1809/

- MattyMo
0 Karma
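
The search below is an added example, not part of the answer above. It extends the answer's metrics.log search to show how many distinct forwarders are connecting and which ones have gone quiet, which is the usual logging-coverage check. The 24-hour window and the 15-minute "silent" threshold are assumptions to adjust, and it relies on the standard tcpin_connections fields (hostname, sourceIp, fwdType, version, kb) being present in your events.

```spl
index=_internal source=*metrics.log group=tcpin_connections earliest=-24h
| stats latest(_time) AS last_seen
        sum(kb) AS total_kb
        values(sourceIp) AS source_ips
        latest(fwdType) AS fwd_type
        latest(version) AS version
        BY hostname
| eval minutes_silent = round((now() - last_seen) / 60, 0)
| eval status = if(minutes_silent > 15, "silent", "reporting")
| eventstats dc(hostname) AS total_forwarders
| convert ctime(last_seen)
| sort - minutes_silent
```

Each row is one forwarder; total_forwarders repeats the overall count on every row, and hosts that have never connected within the window do not appear at all, so compare the result against your own server inventory.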