Hi Guys,
I am completely new to Splunk. Finding ways to learn as much quickly. Please help me out.
Question:
How to check if a windows/unix server is reporting to splunk? - I am aware if a Forwarder is installed on client server, then it will contact splunk servers. But I want to make sure if the forwarder is actively communicating with splunk servers? Can we see a list of servers which are reporting to Splunk on a glance?
Hi,
You should be able to lookup all data received from forwaders by querying the internal index...
index=_internal metrics group=per_host_thruput earliest=@d
above should give you all data received from hosts for the day. If you are using a deployment sever you can see all the clients phoning in under settings->forwarder management.