Splunk Deployment Server: Grab all deployment clients

There are times when you need to know what’s out there. If you’re like me, you have thousands of deployment clients in the environment, and browsing to the GUI interface to see your forwarders just doesn’t cut it.

The following can be run as a search on your deployment server to pull all of your deployment clients.

    | rest /services/deployment/server/clients splunk_server=local | table hostname dns clientName utsname

You can then pipe this out to outputcsv to better use the data.

If for some reason you cannot do it this way, you can always pull information on the command line. To get all the IP addresses of your clients, run the following:

    /opt/splunk/bin/splunk list deploy-clients | grep -Po 'ip:\s+\K([0-9]{1,3}\.){3}[0-9]{1,3}'

Now read this

Splunk: Automatically update GeoIP database across environment

Information for this post was inspired by this post. Edit: Also see George Starcher’s implementation. On every Splunk upgrade, they also push out a GeoIP database found here. Instead of waiting, I wanted to automate the pull on search... Continue →