Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do you detect a Universal Forwarder (UF) vs Enterprise from CLI?

satyenshah
Path Finder
‎11-01-2018 12:56 PM

On Linux, what is the "official" way of detecting whether a host has full Splunk Enterprise versus the Universal Forwarder installed/running?

For both packages, the file "etc/splunk.version" is identical. Also "bin/splunk version" returns the same output when run from either package.

$SPLUNK_HOME tends to differ between Splunk and the Splunk forwarder, but that is not a always predictable. The .manifest file tends to have a different prefix. And there are several subfolders that exist in the Enterprise package that don't exist in the UF package. I can trigger off those differences, but that seems indirect. I would rather the Splunk instance have an official and definitive way of telling me "I am a UF" or "I am Splunk Enterprise"

What is the best way of doing that?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

preotesoiu
Path Finder
‎11-01-2018 01:56 PM

Hello,

Splunk Enterprise is installed in a folder called "splunk" while Splunk universal forwarder is installed into a folder called "splunkforwarder".

Also running "splunk version" command should return the correct response. In my case, this is the response I get when running "version" command:
$ /opt/splunkforwarder/bin/splunk version
Splunk Universal Forwarder 7.1.4 (build 5a7a840afcb3)

hope it helps

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

preotesoiu
Path Finder
‎11-01-2018 01:56 PM

Hello,

Splunk Enterprise is installed in a folder called "splunk" while Splunk universal forwarder is installed into a folder called "splunkforwarder".

Also running "splunk version" command should return the correct response. In my case, this is the response I get when running "version" command:
$ /opt/splunkforwarder/bin/splunk version
Splunk Universal Forwarder 7.1.4 (build 5a7a840afcb3)

hope it helps

0 Karma
Reply
Solved! Jump to solution

satyenshah
Path Finder
‎11-01-2018 02:22 PM

Thanks! I was inadvertently executing the wrong binary.

0 Karma
Reply
Get Updates on the Splunk Community!

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...

Updated Data Management and AWS GDI Inventory in Splunk Observability

We’re making some changes to Data Management and Infrastructure Inventory for AWS. The Data Management page, ...

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...