Solved: Re: What forwarder versions am I running?

the_wolverine · ‎02-04-2010

Is there a search that I can run at the indexer that will tell me what versions my forwarders are on?

the_wolverine · ‎04-02-2010

The capability was added in 4.0.10 (forwarders) to forward on the license.version file. As a workaround for pre-4.0.10 forwarders, you can configure the following input on your forwarder's inputs.conf:

[monitor://$SPLUNK_HOME/etc/splunk.version]
index = _internal
host=myLWF1
sourcetype=splunk_version
_TCP_ROUTING = *

This will forward the splunk.version file to your indexer. You can then easily figure out what version each forwarder host is running by searching on the LWF hostname and sourcetype=splunk_version.

View solution in original post

the_wolverine · ‎04-02-2010

The capability was added in 4.0.10 (forwarders) to forward on the license.version file. As a workaround for pre-4.0.10 forwarders, you can configure the following input on your forwarder's inputs.conf:

[monitor://$SPLUNK_HOME/etc/splunk.version]
index = _internal
host=myLWF1
sourcetype=splunk_version
_TCP_ROUTING = *

This will forward the splunk.version file to your indexer. You can then easily figure out what version each forwarder host is running by searching on the LWF hostname and sourcetype=splunk_version.

gkanapathy · ‎04-02-2010

This is in 4.0.10. release, so if you are there, you don't need to add it.

Mick · ‎02-05-2010

No, but there are plans to do this in a future version

ben_leung · ‎06-04-2014

Hello from the future/present.....past....

Is there now a splunk query to run at the indexer level to display forwarder versions?

What forwarder versions am I running?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases