Solved: How to create alert for server / forwarder / index...

agentsofshield · ‎07-15-2018

In order to find out more quickly if a certain part of Splunk doesn't work, I figured that maybe there's a way to create an alert in case one of these things doesn't work?:

Server (if any server is down - search, indexer, deployment, etc.)
Forwarder
Index (I'd like to check on important indexes we use all the time)

I want an alert in case one of these doesn't work. Anyone knows how?

Cheers

renjith_nair · ‎07-16-2018

Hi @agentsofshield ,

You could use monitoring console (Old DMC)for that. Please have a look at this http://docs.splunk.com/Documentation/Splunk/7.1.2/DMC/Platformalerts
AND
http://docs.splunk.com/Documentation/Splunk/7.1.2/DMC/Configureforwardermonitoring
AND
In general : http://docs.splunk.com/Documentation/Splunk/7.1.2/DMC/Monitoringoverview

Please lets know in case you need further help

Happy Splunking!

View solution in original post

renjith_nair · ‎07-16-2018

Hi @agentsofshield ,

You could use monitoring console (Old DMC)for that. Please have a look at this http://docs.splunk.com/Documentation/Splunk/7.1.2/DMC/Platformalerts
AND
http://docs.splunk.com/Documentation/Splunk/7.1.2/DMC/Configureforwardermonitoring
AND
In general : http://docs.splunk.com/Documentation/Splunk/7.1.2/DMC/Monitoringoverview

Please lets know in case you need further help

Happy Splunking!

agentsofshield · ‎07-16-2018

Ok thanks but here's another question:

Any way I can make these alerts pop on the search heads too? Currently it's only a triggered alert on the indexer master node.

renjith_nair · ‎07-16-2018

http://docs.splunk.com/Documentation/Splunk/7.1.2/DMC/WheretohostDMC

Happy Splunking!

agentsofshield · ‎07-16-2018

Ok, what about indexes? Can I check if an index brings back results and if it doesn't, create an alert?

How to create alert for server / forwarder / index that doesn't work?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life