Splunk Deployment Server: Grab all deployment clients

There are times when you need to know what’s out there. If you’re like me, you have thousands of deployment clients in the environment, and browsing to the GUI interface to see your forwarders just doesn’t cut it.

The following can be run as a search on your deployment server to pull all of your deployment clients.

    | rest /services/deployment/server/clients splunk_server=local | table hostname dns clientName utsname

You can then pipe this out to outputcsv to better use the data.

If for some reason you cannot do it this way, you can always pull information on the command line. To get all the IP addresses of your clients, run the following:

    /opt/splunk/bin/splunk list deploy-clients | grep -Po 'ip:\s+\K([0-9]{1,3}\.){3}[0-9]{1,3}'

Now read this

Ansible - Splunk Forwarder Deployment - Pt.1

This post will help you get up and running with Ansible with the end goal of deploying Splunk universal forwarders to both Windows and Linux. Inspiration https://github.com/divious1 .conf 2015 talk - Splunk Configuration Management and... Continue →