Splunk Deployment Server: Grab all deployment clients

There are times when you need to know what’s out there. If you’re like me, you have thousands of deployment clients in the environment, and browsing to the GUI interface to see your forwarders just doesn’t cut it.

The following can be run as a search on your deployment server to pull all of your deployment clients.

    | rest /services/deployment/server/clients splunk_server=local | table hostname dns clientName utsname

You can then pipe this out to outputcsv to better use the data.

If for some reason you cannot do it this way, you can always pull information on the command line. To get all the IP addresses of your clients, run the following:

    /opt/splunk/bin/splunk list deploy-clients | grep -Po 'ip:\s+\K([0-9]{1,3}\.){3}[0-9]{1,3}'

Now read this

How to use Regex in Splunk searches

Regex to extract fields | rex field=_raw "port (?<port>.+)\." _raw The source to apply the regular expression to. This is a Splunk extracted field. left side of () The left side of what you want stored as a variable. Anything here... Continue →