Splunk Search

Is there a search or btool command we can run from the deployment server to list all deployment client Splunk versions?

Engager

Per this root certificate issue expiring in July and https://answers.splunk.com/answers/395886/for-splunk-enterprise-splunk-light-and-hunk-pre-63.html

Is there a search or btools command to run from the deployment server to view all clients that will be affected, creating table with a list of all client versions?

We have many deployment clients and we need to know which ones need attention.

0 Karma

Influencer

Yes. Check out the forwarder reports included in: https://splunkbase.splunk.com/app/2678/

0 Karma

Communicator

Lots of variables but an oversimplified rough cut would be to make a lot of assumptions and look at what is recorded in the metrics log.
Try the following search and then clean it up to suit your needs:

index=_internal source=\*metrics.lo\* group=tcpin_connections version=* | table hostname version