Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Definitive way to determine whether or not a machine is communicating with Splunk whether Windows or Unix?

infra2sec
Path Finder
‎07-29-2016 07:27 AM

Does anyone know how to generally quantify within a report or otherwise whether or not a system with an OS of any type is communicating with Splunk? I am sure that routers will be involved with my quest as well.

Thanks in advance.

Tags (1)
0 Karma
Reply

lycollicott
Motivator
‎07-29-2016 07:38 AM

index=_internal component=HttpPubSubConnection | table host | dedup host | sort host

0 Karma
Reply

twinspop
Influencer
‎07-29-2016 07:35 AM 
index=_internal  component=Metrics group=tcpin_connections

Those logs contain version and OS info. Slice and dice with stats as needed.

EDIT: Something like this, where _time will be the last time it logged:

EDIT EDIT: changed host to hostname (duh)

index=_internal  component=Metrics group=tcpin_connections | stats latest(_time) as _time latest(build) as Build latest(version) as SplunkVersion latest(os) as OS latest(fwdType) as SplunkType values(lastIndexer) as Indexers by hostname
0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...

Updated Data Management and AWS GDI Inventory in Splunk Observability

We’re making some changes to Data Management and Infrastructure Inventory for AWS. The Data Management page, ...