Alerting

Alert When Power Goes Out

pc1
Path Finder

I want to use Splunk to send an alert when the power goes out in our office. The current idea is to set up a machine (probably Windows or Linux) powered into an outlet, set up as a Universal Forwarder sending a constant stream of info to the Enterprise instance (what this form of info would be I'm not sure yet, probably a script that constantly loops). And then to have the Enterprise instance (on AWS so it will still be online if the power goes out) monitor for when the Forwarder machine stops sending information - then send me an alert. So when the power goes out the machine in the office will power down and the Enterprise instance will recognize this and alert me. If anyone has any other ideas of ways that they might monitor for power loss (or can help to outline how I should set up my current idea) please let me know. Thanks!

 

Edit: Can't figure out how to change the forum category of this post from feedback to something else. 

0 Karma

PickleRick
SplunkTrust

Well, generally speaking you have two typical ways of checking for service availability - either you periodically actively query a service (for example - ping a device) or have the device emit some form of keepalive signal and you just monitor if the last occurrence you received is sufficiently "young". Your mechanism fits the second option.

You might - for example - have a script writing events to a file every minute or every five minutes and ingest it into Splunk where you would check the timestamp of the latest event and alert if it was older than a predefined limit. It's definitely doable and relatively easy.

Having said that...

It seems a huge overkill to do it with Splunk. And it's not the tool meant for this type of monitoring - there are various monitoring suites out there or - if you want to just monitor this one thing - you could just write your own simple script to do so.

And of course - the more components you have, the more complicated it gets - you can be losing events not only because of a power outage but also if the UF crashed or Windows decided it wanted to do an upgrade and didn't survive the reboot... So you wouldn't be just monitoring for power outages.

Of course it could be acceptable for you but it's important to understand how it works. If you really really need to monitor especially for power outages (for example for SLA purposes), not for other incidents, you need some device that is battery powered and which measures the mains voltage, and mains-independent network connectivity. So it's getting complicated. It all depends on what you really need.

But it's much less a Splunk issue, more of a general infrastructure and monitoring topic.

Oh, and the Feedback forum doesn't seem like a proper place for this question.

0 Karma
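The keepalive check described in the answer above, as an added example that is not part of the original posts: the monitoring side parses heartbeat lines, reports whether the latest one is older than the limit, and lists past silences. The log line format, the host name `office-pc` and the five-minute limit are assumptions made for this example.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: one heartbeat line per minute, as a looping script on the
# office machine might append them (the line format is an assumption).
SAMPLE_LOG = """\
2024-03-01T09:00:00+00:00 heartbeat host=office-pc
2024-03-01T09:01:00+00:00 heartbeat host=office-pc
2024-03-01T09:02:00+00:00 heartbeat host=office-pc
not a heartbeat line
2024-03-01T09:14:00+00:00 heartbeat host=office-pc
2024-03-01T09:15:00+00:00 heartbeat host=office-pc
"""

def parse_heartbeats(text):
    """Return sorted UTC timestamps, skipping lines that do not parse."""
    stamps = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[1] != "heartbeat":
            continue
        try:
            ts = datetime.fromisoformat(fields[0])
        except ValueError:
            continue
        if ts.tzinfo is None:
            continue  # a naive timestamp cannot be compared safely
        stamps.append(ts.astimezone(timezone.utc))
    return sorted(stamps)

def find_gaps(stamps, limit):
    """Past silences longer than limit, as (last_seen, next_seen) pairs."""
    return [(a, b) for a, b in zip(stamps, stamps[1:]) if b - a > limit]

def check(stamps, now, limit):
    """Current state: 'ok', 'stale' (alert) or 'never_seen' (alert)."""
    if not stamps:
        return "never_seen", None
    age = now - stamps[-1]
    return ("stale" if age > limit else "ok"), age

if __name__ == "__main__":
    limit = timedelta(minutes=5)
    beats = parse_heartbeats(SAMPLE_LOG)
    now = datetime(2024, 3, 1, 9, 22, tzinfo=timezone.utc)
    print(check(beats, now, limit), find_gaps(beats, limit))
```

A `stale` result only says the heartbeat stopped arriving; as the answer notes, a crashed forwarder or a failed reboot produces the same silence as a power outage.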

pc1
Path Finder

So if it's an overkill to do it with Splunk - then it definitely should work. Good to know that my methodology checks out.

0 Karma