Solved: REST search for Deployment Client Forwarder Manage...

muebel · ‎11-18-2015

In the Splunk Web Interface, you can navigate to /manager/system/deploymentserver to get access to a set of tables that give you information on your deployment infrastructure. Namely, the Apps, Server Classes, and Clients.

Clicking on one of this tabs gives you a table that can be filtered on in a few ways. Is it possible to expose these tables in a Splunk search? I have done some investigation of the REST documentation, and nothing has stood out.

muebel · ‎04-01-2016

This can be done through the REST interface, and the rest command in Splunk from the deployment server as such:

| rest splunk_server=local /services/deployment/server/clients

Although if you have many deployment clients (thousands), it can take just as long to run search as using the "forwarder management" interface.

View solution in original post

muebel · ‎04-01-2016

This can be done through the REST interface, and the rest command in Splunk from the deployment server as such:

| rest splunk_server=local /services/deployment/server/clients

Although if you have many deployment clients (thousands), it can take just as long to run search as using the "forwarder management" interface.

REST search for Deployment Client Forwarder Management Console

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

.conf24 | Personalize your .conf experience with Learning Paths!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...