Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How do you set up an alert for when an application process is not running or hung?

bsaujla131984
Path Finder
‎08-23-2018 04:04 PM

There are a number of application processes in our environment which either go down or stop responding. I am trying to setup an alert in the event if process is down or hung in Unix/Linux.

Can anyone assist with this please?

0 Karma
Reply

ddrillic
Ultra Champion
‎08-24-2018 05:03 PM

It's interesting in the context of Splunk processes which can be hung, forwarders or indexers...

0 Karma
Reply

bsaujla131984
Path Finder
‎08-24-2018 05:29 PM

This is not related to Splunk process. It is related to application process in Linux/Unix servers.

0 Karma
Reply

mstjohn_splunk
Splunk Employee
Splunk Employee
‎08-24-2018 03:25 PM

Hi @bsaujla131984 - Did @inventsekar 's answer below help provide a solution to your question? If yes, please click “Accept” below the best answer to resolve this post and upvote anything that was helpful. If no, please leave a comment with more feedback. Thanks.

0 Karma
Reply

bsaujla131984
Path Finder
‎08-24-2018 05:00 PM

Hi @mstjohn... I would need more info. The answer is given is mainly related to commands, however I would like to do it through Splunk...

0 Karma
Reply

mstjohn_splunk
Splunk Employee
Splunk Employee
‎08-24-2018 05:11 PM

Gotcha, thanks bud! Good luck with your issue.

0 Karma
Reply

inventsekar
SplunkTrust
SplunkTrust
‎08-24-2018 03:39 AM

from a linux forum... "ps auxww |grep 'process_ID' " you can have current process' status like S (Sleep), R (Running) , Z (zombie) etc..

[root@server]# cat /proc/2324/status
Name: kmpathd/1
State: S (sleeping)
SleepAVG: 98%
Tgid: 2324
Pid: 2324
PPid: 13
TracerPid: 0
Uid: 0 0 0 0
Gid: 0 0 0 0
FDSize: 32

Also, by using top command, you can see if the running process is taking high cpu(probably, hung process)

then you can create an alert accordingly..

0 Karma
Reply

bsaujla131984
Path Finder
‎08-24-2018 04:59 PM

Actually I want something which can be done entirely through Splunk instead of logging to UNIX/Linux serves..

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎08-24-2018 03:25 AM

Do you have a way of knowing if the process is hung?

ie: curl to see if port is open, or run service $name status

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

    Are you ready to transform how your team handles complex data requests? We invite you to our upcoming ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...