Hi,
I want to list all Deployment client on a dashboard in my Search Head with the following request:
index=_internal host="my Deployment Server" | dedup clientip |table clientip [...]
In the result, I have the list of my Deployment Client, The Deployment Server, localhost loop and serveral proxy IP.
The fowarding management of theses proxies aren't in my cluster then it's my Deployment Server which manage them. They are fully independant of my client pool and I don't collect their logs.
In the fowarding management menu, I don't see these clients.
What exactly contains the fields "clientip" of Splunk internal logs ?
And why I see theses proxy address in my Deployment Server clientip ? any idea ?
Thank you.
Best regards
... View more