In order to find out more quickly if a certain part of Splunk doesn't work, I figured that maybe there's a way to create an alert in case one of these things doesn't work?:
I want an alert in case one of these doesn't work. Anyone knows how?
Cheers
Hi @agentsofshield ,
You could use monitoring console (Old DMC)for that. Please have a look at this http://docs.splunk.com/Documentation/Splunk/7.1.2/DMC/Platformalerts
AND
http://docs.splunk.com/Documentation/Splunk/7.1.2/DMC/Configureforwardermonitoring
AND
In general : http://docs.splunk.com/Documentation/Splunk/7.1.2/DMC/Monitoringoverview
Please lets know in case you need further help
Hi @agentsofshield ,
You could use monitoring console (Old DMC)for that. Please have a look at this http://docs.splunk.com/Documentation/Splunk/7.1.2/DMC/Platformalerts
AND
http://docs.splunk.com/Documentation/Splunk/7.1.2/DMC/Configureforwardermonitoring
AND
In general : http://docs.splunk.com/Documentation/Splunk/7.1.2/DMC/Monitoringoverview
Please lets know in case you need further help
Ok thanks but here's another question:
Any way I can make these alerts pop on the search heads too? Currently it's only a triggered alert on the indexer master node.
http://docs.splunk.com/Documentation/Splunk/7.1.2/DMC/WheretohostDMC
Ok, what about indexes? Can I check if an index brings back results and if it doesn't, create an alert?