How write a search to alert when a SiteMinder policy server or LDAP connection goes down?

krishnacasso — Mon, 11 Jan 2016 19:31:27 GMT

We need to develop an alert when the SiteMinder policy server or ldap connection goes down.

Can any one help with the search for this?
Thanks.

Re: How write a search to alert when a SiteMinder policy server or LDAP connection goes down?

praveenbandi — Wed, 08 Feb 2017 18:35:59 GMT

post some sample logs you have got? and post what do you have tried so far?

Re: How write a search to alert when a SiteMinder policy server or LDAP connection goes down?

krishnacasso — Tue, 29 Sep 2020 12:45:52 GMT

Hi Praveen,

Please find the snap of log files below.
I am trying to configure an alert if host is getting timed out at specific server(server1.abc.com) for continuously 5 Minutes. This alert should be based on time and not on the count.
I have a field extraction done for {ConnMgr (ldap_search_ext_s) in PingServer : Timed out at Server1.abc.com:389}(Event)--->txt(field)

[90530/2906][Wed Jan 09 2017 01:33:36][ConnMgr.cpp:637][ERROR][sm-Ldap-080] ConnMgr (ldap_search_ext_s) in PingServer : Timed out at Server1.abc.com:389

[90530/2906][Wed Jan 09 2017 01:33:36][ConnMgr.cpp:637][ERROR][sm-Ldap-080] ConnMgr (ldap_search_ext_s) in PingServer : Timed out at Server2.abc.com:389

[90530/2906][Wed Jan 09 2017 01:33:36][ConnMgr.cpp:67][ERROR][sm-Ldap-080] ConnMgr (ldap_search_ext_s) in PingServer : Timed out at Server3.abc.com:389

[90530/2906][Wed Jan 09 2017 01:33:36][ConnMgr.cpp:37][ERROR][sm-Ldap-080] ConnMgr (ldap_search_ext_s) in PingServer : Timed out at Server1.abc.com:389

[90530/2906][Wed Jan 09 2017 01:33:36][ConnMgr.cpp:67][ERROR][sm-Ldap-080] ConnMgr (ldap_search_ext_s) in PingServer : Timed out at Server1.abc.com:389[90530/2906]

[Wed Jan 09 2017 01:33:36][ConnMgr.cpp:63][ERROR][sm-Ldap-080] ConnMgr (ldap_search_ext_s) in PingServer : Timed out at Server1.abc.com:389

[90530/2906][Wed Jan 09 2017 01:33:36][ConnMgr.cpp:67][ERROR][sm-Ldap-080] ConnMgr (ldap_search_ext_s) in PingServer : Timed out at Server3.abc.com:389

[90530/2906][Wed Jan 09 2017 01:33:36][ConnMgr.cpp:63][ERROR][sm-Ldap-080] ConnMgr (ldap_search_ext_s) in PingServer : Timed out at Server1.abc.com:389

Here is my search:

index=* host="finace.vendor.com" sourcetype="appsm" sm_txt="*ConnMgr (ldap_search_ext_s) in PingServer : Timed out at *:389*" | timechart span=5m dc(txt)

This is giving the count of that unique txt. I need to configure a alert if this dc(txt) is logged for continuously for 5 minutes like Alert should not be triggered if it dint get dc(txt) in 4th minute.

Thanks.

Re: How write a search to alert when a SiteMinder policy server or LDAP connection goes down?

brettcarroll — Tue, 16 Jan 2018 13:06:55 GMT

You may want to have a look at the Splunk Alerting documentation

topic Re: How write a search to alert when a SiteMinder policy server or LDAP connection goes down? in Splunk Search

How write a search to alert when a SiteMinder policy server or LDAP connection goes down?

Re: How write a search to alert when a SiteMinder policy server or LDAP connection goes down?

Re: How write a search to alert when a SiteMinder policy server or LDAP connection goes down?

Re: How write a search to alert when a SiteMinder policy server or LDAP connection goes down?