Splunk Search

How to find total distribution of Universal forwarders in Splunk based on operating system types?

Path Finder

I would like to know how do I find the distribution of all Universal forwarders in Splunk by os type (Unix, Windows, etc).

Is there a query that'll define this allocation.

Tags (4)
0 Karma

Path Finder

index=_internal fwdType="*" | dedup hostname | stats count by os, version

SplunkTrust
SplunkTrust

OMohi,

Install the Deployment Monitor App on your deployment server.

http://splunk-base.splunk.com/apps/67836/splunk-deployment-monitor

There is a dashboard there with the information.

Motivator

Hoping that either Deployment Monitor or Forwarder Managment would add a simple export option to a csv. Then it would be much easier to use the export to build a serverclass.conf without having to first write your own query in Splunk.

0 Karma

SplunkTrust
SplunkTrust

If this answered your question - please accept it. Thanks!

0 Karma