topic Re: Windows Host Status (Red, Amber, Green) in Getting Data In

Windows Host Status (Red, Amber, Green)

nathanluke86 — Tue, 26 Nov 2019 08:06:52 GMT

Has anyone been able to create a single panel (Red, Amber, Green status) for a windows host to show if the host has critical performance issues etc.

We are trying to create this to show green as ok, amber, red as critical etc but are struggling with false positives.

We currently use SCOM so might it be worth ingesting these logs to create this?

Any suggestions of how to accomplish this would be appreciated.

We already have the Splunk app for infra but are trying to create a display dashboard that gives us a quick overview of our hosts to display on a screen.

We would like it to be a bit more than host not forwarding logs as the indicator of an issue.

Some dashboard examples would be a great help or just pointers that may help us achieve this.

TIA

Re: Windows Host Status (Red, Amber, Green)

gcusello — Tue, 26 Nov 2019 11:25:22 GMT

HI @nathanluke86,
could be more detailed when you speak of critical performaces issues?
Anyway, at first you have to create your searches to find the value for each host.
Then see in Splunk Dashboard Examples App, at Table Icon Set (Rangemap) dashboard to see how to display status in graphic mode.

This is an example:

<dashboard script="table_icons_rangemap.js" stylesheet="table_decorations.css">
    <label>Table Icon Set (Rangemap)</label>
    <description>Use Javascript and CSS in tables to convert rangemap results into icons.</description>
    <row>
        <table id="table1">
            <title>Render Icons based on rangemap result</title>
            <search>
                <query>
                    index=_internal
                    | stats count by sourcetype,source,host
                    | rangemap field=count low=0-100 elevated=101-1000 default=severe
                </query>
                <earliest>-1h</earliest>
            </search>
            <option name="drilldown">none</option>
        </table>
    </row>
</dashboard>

in which there are notable:

in the first row a css and a js to call;
the id=1 in table tag used by js;
the rangemap command used to define the threesholds for the different levels and icons.

Ciao.
Giuseppe

Re: Windows Host Status (Red, Amber, Green)

nathanluke86 — Tue, 26 Nov 2019 12:47:26 GMT

Hello @gcusello

Thanks for the reply.

This seems a good way to display the data but what we are trying to achieve is for Windows server health like cpu and critical errors etc that may affect users or customers.

I think we may have to use a third party tool to get the required result as we can't find anything that doesn't return false positives.

We need something like a lookup or script input that would flag critical events as we can't seem to find the right events to monitor in the windows logs.

Thanks

Re: Windows Host Status (Red, Amber, Green)

to4kawa — Tue, 26 Nov 2019 13:24:33 GMT

Best Practices for implementing Windows OS monitoring

How about it?

Re: Windows Host Status (Red, Amber, Green)

gcusello — Tue, 26 Nov 2019 13:47:52 GMT

HI @nathanluke86,
I don't know your need but, I hint to see the Splunk app for windows infrastructure, probably there's the searches you need, then you can display results in graphic mode as I said.
I don't like to use an externaltool (when I can).

Ciao.
Giuseppe