Re: I want to extract list of all clients deployed...

krutika_ag · ‎11-22-2023

Hi,

There are a lot of clients in my architecture and every other splunk instance is deployed in either /opt/bank/splunk OR /opt/insurance/splunk OR /opt/splunk

Hence I want to run a command to extract list of all clients along with the path where splunkd is running.

How can i achieve this, please suggest

krutika_ag · ‎12-23-2023

gcusello · ‎12-24-2023

Hi @krutika_ag ,

let us know if we can help you more, or, please, accept one answer for the other people of Community.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated by all the contributors 😉

gcusello · ‎11-22-2023

Hi @krutika_ag ,

if these splunk servers are sending internal logs to Splunk you could use something like this:

for Windows servers:

index=_internal
| rex field=source "^(?<splunk_home>.*)Splunk"
| dedup host
| table host splunk_home

for linux servers:

index=_internal
| rex field=source "^(?<splunk_home>.*)splunk"
| dedup host
| table host splunk_home

Ciao.

Giuseppe

ITWhisperer · ‎11-22-2023

Where is this information coming from?

I want to extract list of all clients deployed in Splunk along with the location of splunkd on those clients

other

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

.conf24 | Session Scheduler is Live!!

Introducing the Splunk Community Dashboard Challenge!