Refine your search:

How to identify Lightweight Forwarders vs Universal Forwarders from Deployment Server?

0

I'm dealing with an environment of mixed Lightweight Forwarders and Universal Forwarders. How can I tell, without logging into the forwarders, which is running what?

The build number for LWF/main package of Splunk is confusingly identical to that of the UF.

asked 07 Jun '11, 11:13

Jason's gravatar image

Jason
2.0k25
accept rate: 49%

One Answer:
oldestnewestmost voted
1

Try this:

index=_internal source=*metrics.log group=tcpin_connections | dedup sourceHost, sourceIp | table sourceHost, sourceIp, ssl, lastIndexer, fwdType
link

answered 07 Jun '11, 13:33

mw's gravatar image

mw
1.6k12
accept rate: 30%

Great. This also works in 4.2, and contains hostnames instead of IPs (in our environment at least): index=_internal source=fwd | dedup hostname | table hostname, ssl, lastIndexer, fwdType

(09 Jun '11, 06:16) Jason
Post your answer
toggle preview

Follow this question

Log In to enable email subscriptions

RSS:

Answers

Answers + Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

×156
×121
×120
×19

Asked: 07 Jun '11, 11:13

Seen: 526 times

Last updated: 09 Jun '11, 06:16

Related questions

Can deployment server upgrade universal forwarders yet?

Deploying wmi.conf for windows universal forwarders with deployment-server

Deployment server and Universal Forwarder

Universal Forwarder and Deployment Server with SSL how to?

If Universal Forwarder has changed default admin password, can Deployment Server still push configurations to it?

How do I get a script pushed to all forwarders via deployment server?

How to upgrade forwarders with deployment server?

Can I run multiple Universal Forwarders on Windows Server 2008?

windows universal forwarder splunk deployment

Copyright © 2005-2012 Splunk, Inc. All rights reserved.