Splunk Search

View all Splunk instances in a single Splunk?

Vinesh93
Explorer

We have 6 Splunk deployment servers and need to log in to every server to see the dashboards on the respective servers. Is there any possible way to manage a single Splunk instance where I can see all dashboards from the 6 servers?

Thanks in advance 🙂

0 Karma

gcusello
SplunkTrust

Hi Vinesh93,
No, there isn't a Federated Deployment Server. I asked Splunk for it many times, but got no answer!
You could see the situation of each deployment server by extracting data from each DS and sending this data to Indexers, so you can search and display these data on a Search Head.
I did this configuration using a scheduled report on each DS that wrote the situation every hour to a CSV file; the file was sent to the indexers and I built a dashboard.
Otherwise, you could use REST to remotely extract the same data from each DS, but the other solution is easier.
The search I used was:

| rest splunk_server=local /services/deployment/server/clients
| table hostname ip utsname *.restartSplunkd
| eval temp=hostname."#".ip."#".utsname
| table temp *.restartSplunkd
| untable temp apps count
| eval Apps=if(like(apps,"app%"),mvindex(split(apps,"."),1),null())
| eval ServerClass=if(like(apps,"server%"),mvindex(split(apps,"."),1),null())
| rex field=temp "(?<Host>.*)#(?<Host_IP>.*)#(?<Machine_Type>.*)"
| table Host Host_IP Machine_Type Apps ServerClass
| stats values(*) as * by Host Host_IP Machine_Type
| nomv Apps
| nomv ServerClass
| outputcsv ServerClassesList.csv

Bye.
Giuseppe

0 Karma
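The merge step for the REST route mentioned in the answer, as an added example that is not part of the original post: it takes client records already pulled from several deployment servers and builds one inventory with the same columns as the search, plus a `DS` column. The server names, hosts and the `applications.` / `serverClasses.` key prefixes are constructed assumptions inferred from the search's `app%` and `server%` matches; unlike the search's split on ".", it keeps app names that contain dots whole.

```python
import csv
import io

SUFFIX = ".restartSplunkd"

# Constructed sample: client records per deployment server, using flattened
# field names of the kind the search selects with *.restartSplunkd (assumed).
SAMPLE = {
    "ds01.example.test": [
        {"hostname": "web01", "ip": "10.0.0.11", "utsname": "linux-x86_64",
         "applications.Splunk_TA_nix.restartSplunkd": "1",
         "applications.org.example.outputs.restartSplunkd": "0",
         "serverClasses.linux_web.restartSplunkd": "1"},
    ],
    "ds02.example.test": [
        {"hostname": "dc01", "ip": "10.0.1.5", "utsname": "windows-x64",
         "applications.Splunk_TA_windows.restartSplunkd": "1",
         "serverClasses.windows_dc.restartSplunkd": "1"},
        {"hostname": "idle01", "ip": "10.0.1.9", "utsname": "linux-x86_64"},
    ],
}

def flatten_client(ds, rec):
    """One output row per client: the search's columns plus the source DS."""
    apps, classes = set(), set()
    for key in rec:
        prefix, _, rest = key.removesuffix(SUFFIX).partition(".")
        if not key.endswith(SUFFIX) or not rest:
            continue  # not an app/server-class field
        # Keep everything between prefix and suffix, so dotted names survive.
        if prefix.startswith("app"):
            apps.add(rest)
        elif prefix.startswith("server"):
            classes.add(rest)
    return {"DS": ds, "Host": rec.get("hostname", ""), "Host_IP": rec.get("ip", ""),
            "Machine_Type": rec.get("utsname", ""),
            "Apps": ";".join(sorted(apps)), "ServerClass": ";".join(sorted(classes))}

def merge(per_ds):
    """Flatten every client of every DS into one list, ordered by DS and host."""
    rows = [flatten_client(ds, rec) for ds, recs in per_ds.items() for rec in recs]
    return sorted(rows, key=lambda r: (r["DS"], r["Host"]))

def to_csv(rows):
    """Serialize the merged rows as CSV text, ready to be indexed or looked up."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=list(rows[0]), lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()
```

Clients with no deployed apps (such as `idle01` in the sample) still get a row with empty `Apps` and `ServerClass`, which makes unmanaged forwarders visible in the combined view.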