Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Can splunk restart a failed application?

burvil
Engager
‎10-18-2012 04:28 PM

I understand that splunk can monitor application very well. Can it (natively or through an add-on) also restart the service if it's found as failed? If there's an add-on, what add-on is it? Lastly, how well has a solution worked in your environment?

So, for example, I have ypbind (NIS client) running and it stops functioning (i.e. the process dies and is no longer in the process table) or hangs, for whatever reason. I would still want a notification that it died or was having an issue, but in order to increase uptime, I'd still want the application to be restarted automatically at least n times. Can splunk do this? I'm guessing the forwarder is only an agent for the purpose of forwarding log information to an aggregator, so I'd have to use some kind of add-on. I'd like to see if having this functionality is feasible in Splunk, and if so, how well it works.

Tags (2)
0 Karma
Reply

vikramyadav
Contributor
‎01-11-2021 10:24 AM

Hi @burvil ,

Yes, you can restart your application as long as it is connected with Splunk. You can create an alert and add the custom script. Once your alert is triggered with the help of your script it will pass a command to application for restart.

---------------------------------------------------------------------------

If this helps your like would be appreciated. 😀

0 Karma
Reply

dchando
Engager
‎01-11-2021 09:35 AM

@burvildid this work for you?.....I have similar question. It's been many years though.

0 Karma
Reply

lguinn2
Legend
‎10-18-2012 09:32 PM

If you set up an alert, you can have the alert trigger an script.

Since you write the script, it can take almost any action, including restarting an application. There is no need for an add-on, just a script.

More info at the alerting manual

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

AI is changing how teams investigate incidents, detect threats, automate workflows, and build intelligent ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...