What is a quick way to get a listing of all systems where a UF is installed?
You should be able to see the list of all UFs from Distributed env, Deployment Server, Splunk Manager, or some other name. They are all the same thing, but each organization names it differently. If you don't know what it is called, ask someone who can provide you the details.
If you are still not able to find what it is, use these queries in your search to get the list of hosts:
**index=_internal sourcetype=splunkd group=tcpin_connections | stats first(version) by hostname**

**| metadata type="hosts"**
These are two different searches.
| metadata type=hosts will give you much more than just your forwarders. It will give every known value of the host field, so that could also be all kinds of network devices that send over syslog or something, where the original device's name ends up in the host field.
Settings: (Distributed environment) Forwarder management will give you all those that have registered with the Splunk instance.
In order to register, each forwarder must run this command line:
splunk set deploy-poll <hostname or ip_address>:<management port>
The <management port> defaults to 8089. The registration information ends up in /opt/splunkforwarder/etc/system/local/deploymentclient.conf, something like:
[target-broker:deploymentServer]
targetUri = <hostname or ip_address>:<management port>
[deployment-client]
clientName = <client_name>
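
An added example (not part of the original answer and not Splunk's own tooling): a small Python check that reads a deploymentclient.conf in the layout shown above and reports whether the forwarder is set to poll the expected deployment server. The sample file contents, the host name ds.example.internal, the client name web01-uf and the function name audit_deployment_client are assumptions made for illustration, and the check assumes targetUri uses the host:port form shown above.

```python
import configparser

# Constructed sample in the layout shown above; host and client name are made up.
SAMPLE_CONF = """\
[target-broker:deploymentServer]
targetUri = ds.example.internal:8089

[deployment-client]
clientName = web01-uf
"""


def audit_deployment_client(text, expected_server):
    """Parse deploymentclient.conf text and compare it with the expected server.

    expected_server is "host:port" (an assumption of this example).
    Returns a dict with host, port, client_name and a list of findings;
    an empty findings list means the file matches what was expected.
    """
    # Only "=" separates key and value, so the ":" in host:port stays in the value.
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.optionxform = str  # keep key case: targetUri, clientName
    cp.read_string(text)

    result = {"host": None, "port": None, "client_name": None, "findings": []}
    result["client_name"] = cp.get("deployment-client", "clientName", fallback=None)

    uri = cp.get("target-broker:deploymentServer", "targetUri", fallback="").strip()
    if not uri:
        result["findings"].append("no targetUri: forwarder is not set to poll a deployment server")
        return result

    host, sep, port = uri.rpartition(":")
    if not sep or not host or not port.isdigit():
        # Also catches an unfilled <hostname or ip_address>:<management port> template.
        result["findings"].append(f"targetUri {uri!r} is not host:port")
        return result

    result["host"], result["port"] = host, int(port)
    if uri.lower() != expected_server.lower():
        result["findings"].append(f"targetUri {uri!r} differs from expected {expected_server!r}")
    return result


if __name__ == "__main__":
    print(audit_deployment_client(SAMPLE_CONF, "ds.example.internal:8089"))
```

Run against the file collected from each host, this gives a per-forwarder view that can be compared with what Forwarder management shows.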
I went there from my search head and received only the information below:
Forwarder Management
The forwarder management UI distributes deployment apps to Splunk clients. No clients or apps are currently available on this deployment server. (click learn more button)