
In a distributed environment, how to find each server role

splunk_sa
Explorer

We have several Splunk servers set up by a contractor as a distributed environment. I need to identify each server's role. I tried .\splunk show shcluster-status but it just gives me cluster information.
I particularly need to find the Deployment server role.

My second question is: what is the difference between Splunk Add-on for Active Directory and Splunk App for Active Directory? What are the uses of these components?
Thanks a lot


adonio
Ultra Champion

Hello splunk_sa,
To find out the roles of a server, you can run this command in the search bar: | rest /services/server/info | table host host_fqdn server_roles
Sometimes, if not set properly, multiple servers will have the same roles. Another option, if all machines send their data to the indexer, is to search index = _internal and check who the clients are phoning home to. Or you can look for the instance that shows clients on the "Forwarder Management" page: navigate to Settings -> click Forwarder Management.
Lastly, you can search for an instance that has directories (apps) in its .../etc/deployment-apps/ directory.

Regarding the second question:
The app for AD https://splunkbase.splunk.com/app/1059/ seems like an old app that was last updated 4 years ago.
The AD TA (add-on) https://splunkbase.splunk.com/app/3207/ is an app that assists in collecting AD data.
Some prebuilt dashboards and reports on AD data can be found in various other apps, such as the app for Windows Infrastructure:
https://splunkbase.splunk.com/app/1680/

hope it helps
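
An added example, not part of the original post and not Splunk's own tooling: a Python script for the last check in the answer above, run locally against one instance's install directory. It goes beyond the answer by also reading serverclass.conf (server classes defined on a deployment server) and deploymentclient.conf (the targetUri a client phones home to); the function names and result keys are assumptions made for this example.

```python
import configparser
import os
import sys
from pathlib import Path

def read_conf(path):
    """Parse one Splunk .conf file; syntax errors are tolerated, not raised."""
    cp = configparser.ConfigParser(strict=False, interpolation=None,
                                   delimiters=("=",), comment_prefixes=("#",))
    cp.optionxform = str  # keep key case, e.g. targetUri
    try:
        cp.read(path, encoding="utf-8")
    except configparser.Error:
        pass
    return cp

def conf_files(splunk_home, name):
    """Every copy of <name> under etc/system/* and etc/apps/*/* (local and default)."""
    etc = Path(splunk_home) / "etc"
    return sorted(etc.glob(f"system/*/{name}")) + sorted(etc.glob(f"apps/*/*/{name}"))

def deployment_evidence(splunk_home):
    """Collect on-disk evidence of the deployment server role for one instance."""
    dep_apps = Path(splunk_home) / "etc" / "deployment-apps"
    apps = sorted(p.name for p in dep_apps.iterdir() if p.is_dir()) if dep_apps.is_dir() else []
    classes, targets = set(), set()
    # serverclass.conf stanzas look like [serverClass:<name>] or [serverClass:<name>:app:<app>].
    for f in conf_files(splunk_home, "serverclass.conf"):
        for section in read_conf(f).sections():
            parts = section.split(":")
            if parts[0] == "serverClass" and len(parts) >= 2:
                classes.add(parts[1])
    # On a client, deploymentclient.conf names the server it phones home to.
    for f in conf_files(splunk_home, "deploymentclient.conf"):
        cp = read_conf(f)
        for section in cp.sections():
            if section.startswith("target-broker:") and cp.has_option(section, "targetUri"):
                targets.add(cp.get(section, "targetUri").strip())
    return {
        "deployment_apps": apps,
        "server_classes": sorted(classes),
        "phones_home_to": sorted(targets),
        "looks_like_deployment_server": bool(apps or classes),
    }

if __name__ == "__main__":
    home = sys.argv[1] if len(sys.argv) > 1 else os.environ.get("SPLUNK_HOME", ".")
    for key, value in deployment_evidence(home).items():
        print(f"{key}: {value}")
```

Pass the install directory as the first argument, or set SPLUNK_HOME; on a forwarder the phones_home_to value points at the deployment server to inspect next.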
