Re: Is there an SPL query to know the last date UF...

So76 · ‎07-18-2022

Is there an SPL query to know the last date UFs phoned in to a specific DS. We've many DS in our company

gcusello · ‎07-18-2022

you can use the search from @Roy_9 that's correct or to use the Monitoring Console that gives you all the information about Forwarders, not only last phoned date.

Ciao.

Giuseppe

Roy_9 · ‎07-18-2022

below search gives you the list of UF's that haven't phoned in last 24 hours, you could tweak this search.

| rest splunk_server=local /services/deployment/server/clients | eval now=now(), diffTime=now-lastPhoneHomeTime, lastPhoneHomeTime=strftime(lastPhoneHomeTime,"%b %d, %Y %H:%M:%S") | search diffTime>86400 | table hostname ip instanceName utsname package splunkVersion lastPhoneHomeTime

So76 · ‎07-19-2022

Thanks for you prompt response. Can it be narrowed to a specific DS? We've multiple DS

gcusello · ‎07-19-2022

Hi @So76,

for this reasono, Monitoring Console is the easiest way.

Ciao.

Giuseppe

gcusello · ‎07-19-2022

Hi @So76 ,

if one answer solves your need, please accept one answer for the other people of Community or tell us how we can help you.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated by all the Contributors;-)

So76 · ‎07-20-2022

used the monitoring console

Is there an SPL query to know the last date UFs phoned in to a specific DS?

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

Are you a member of the Splunk Community?

Is there an SPL query to know the last date UFs phoned in to a specific DS?

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?