Alerting

Alert When Power Goes Out

pc1
Path Finder

I want to use Splunk to send an alert when the power goes out in our office. The current idea is to set up a machine (probably Windows or Linux) powered into an outlet, set up as a Universal Forwarder sending a constant stream of info to the Enterprise instance (what this form of info would be I'm not sure yet, probably a script that constantly loops). And then to have the Enterprise instance (on AWS so it will still be online if the power goes out) monitor for when the Forwarder machine stops sending information - then send me an alert. So when the power goes out the machine in the office will power down and the Enterprise instance will recognize this and alert me. If anyone has any other ideas of ways that they might monitor for power loss (or can help to outline how I should set up my current idea) please let me know. Thanks!

 

Edit: Can't figure out how to change the forum category of this post from feedback to something else. 

0 Karma

PickleRick
SplunkTrust

Well, generally speaking you have two typical ways of checking for service availability - either you periodically actively query a service (for example - ping a device) or have the device emit some form of keepalive signal and you just monitor if the last occurrence you received is sufficiently "young". Your mechanism fits the second option.

You might - for example - have a script writing events to a file every minute or every five minutes and ingest it into Splunk where you would check timestamp of latest event and alert if it was older than predefined limit. It's definitely doable and relatively easy.

Having said that...

It seems a huge overkill to do it with Splunk. And it's not the tool meant for this type of monitoring - there are various monitoring suites out there or - if you want to just monitor this one thing - you could just write your own simple script to do so.

And of course - the more components you have, the more complicated it gets - you can be losing events not only because of power outage but also if UF crashed or Windows decided it wanted to do an upgrade and didn't survive the reboot... So you wouldn't be just monitoring for power outages.

Of course it could be acceptable for you but it's important to understand how it works. If you really really need to monitor especially for power outages (for example for SLA purposes), not for other incidents, you need some device that is battery powered and which measures the mains voltage and a mains-independent network connectivity. So it's getting complicated. It all depends on what you really need.

But it's much less a Splunk issue, more of a general infrastructure and monitoring topic.

Oh, and the Feedback forum doesn't seem like a proper place for this question.

0 Karma
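
Added example, not part of either post above: the keepalive check described in the reply (alert when the newest heartbeat is older than a limit), written as a stand-alone Python script. The heartbeat line format, the `uptime_s` field and the host names are assumptions made for illustration; the gap classifier goes beyond the thread by using reported uptime to separate a reboot from a forwarder or network failure.

```python
from datetime import datetime, timedelta

# Constructed sample heartbeats (assumed format, not from the thread):
# "<ISO-8601 UTC time> host=<name> uptime_s=<seconds since boot>"
SAMPLE = """\
2024-05-01T10:00:00+00:00 host=office-pc uptime_s=86400
2024-05-01T10:01:00+00:00 host=office-pc uptime_s=86460
2024-05-01T10:02:00+00:00 host=office-pc uptime_s=86520
2024-05-01T10:30:00+00:00 host=office-pc uptime_s=120
2024-05-01T10:00:00+00:00 host=lab-pc uptime_s=5000
2024-05-01T10:20:00+00:00 host=lab-pc uptime_s=6200
"""

def parse(text):
    """Yield (time, host, uptime_s) per well-formed line; skip malformed ones."""
    for line in text.splitlines():
        try:
            ts, *kv = line.split()
            fields = dict(p.split("=", 1) for p in kv)
            yield datetime.fromisoformat(ts), fields["host"], int(fields["uptime_s"])
        except (ValueError, KeyError):
            continue

def stale_hosts(events, now, max_age=timedelta(minutes=5), expected=()):
    """Hosts whose newest heartbeat is older than max_age, or that never reported."""
    latest = {h: None for h in expected}
    for ts, host, _ in events:
        if latest.get(host) is None or ts > latest[host]:
            latest[host] = ts
    return sorted(h for h, ts in latest.items() if ts is None or now - ts > max_age)

def classify_gaps(events, max_gap=timedelta(minutes=5)):
    """For each silence longer than max_gap, report whether the host rebooted in it."""
    out, prev = [], {}
    for ts, host, up in sorted(events):
        if host in prev and ts - prev[host] > max_gap:
            # Uptime shorter than the silence means the OS booted inside the gap.
            rebooted = up < (ts - prev[host]).total_seconds()
            out.append((host, prev[host], ts, "rebooted" if rebooted else "stayed up"))
        prev[host] = ts
    return out
```

A "rebooted" gap is consistent with a power loss but also with an update reboot, while "stayed up" points at the forwarder or the network, which is the ambiguity the reply warns about.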

pc1
Path Finder

So if it's an overkill to do it with Splunk - then it definitely should work. Good to know that my methodology checks out.

0 Karma