How do I check if some servers are calling into ...

egreg7 · ‎07-13-2017

Please what is the Splunk search command to find out if a Server is calling into Splunk. I am trying to find out the number of Servers calling into splunk.

mattymo · ‎07-13-2017

do you mean forwarders forwarding data? or forwarders calling the deployment server?

for forwarders forwarding:

fast answer: index=_internal source=*metrics.log tcpin_connections | stats count by hostname

best practice: use the monitoring console to monitor your deployment with forwarder management dash - https://docs.splunk.com/Documentation/Splunk/6.6.2/DMC/ForwardersDeployment

another option: check out the meta woot app! https://splunkbase.splunk.com/app/2949/

If you are talking about the delpoyment server:

Use the forwarder MGMT page on the deployment server: https://docs.splunk.com/Documentation/Splunk/6.6.2/Updating/Forwardermanagementoverview

If you are talking about any server talking to a splunk instance. Use splunk stream! https://splunkbase.splunk.com/app/1809/

- MattyMo

How do I check if some servers are calling into splunk?

Updated Team Landing Page in Splunk Observability

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...