Solved: how to find forwarders in which splunk boot-start ...

nilbak1 · ‎06-11-2018

I want to find the splunk forwarders in which boot script is enabled.
Is there any query ?

ansif · ‎06-12-2018

I don't know the query. If you find any log files that logs boot start then you can use that log file to search.

Rather you can use scripts to determine if boot start enabled or NOT.

For Windows forwarders use Powershell script to get Splunk service startup status.

Linux machines use shell script to check if Sxxsplunk link file exist under /etc/rc.d/rc3.d (example S90splunk )

Both scripts use your servernames as input.

ansif · ‎06-12-2018

I don't know the query. If you find any log files that logs boot start then you can use that log file to search.

Rather you can use scripts to determine if boot start enabled or NOT.

For Windows forwarders use Powershell script to get Splunk service startup status.

Linux machines use shell script to check if Sxxsplunk link file exist under /etc/rc.d/rc3.d (example S90splunk )

Both scripts use your servernames as input.

how to find forwarders in which splunk boot-start is enabled ?