Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to create alert for server / forwarder / index that doesn't work?

agentsofshield
Path Finder
‎07-15-2018 11:54 PM

In order to find out more quickly if a certain part of Splunk doesn't work, I figured that maybe there's a way to create an alert in case one of these things doesn't work?:

  • Server (if any server is down - search, indexer, deployment, etc.)
  • Forwarder
  • Index (I'd like to check on important indexes we use all the time)

I want an alert in case one of these doesn't work. Anyone knows how?

Cheers

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

renjith_nair
Legend
‎07-16-2018 12:52 AM

Hi @agentsofshield ,

You could use monitoring console (Old DMC)for that. Please have a look at this http://docs.splunk.com/Documentation/Splunk/7.1.2/DMC/Platformalerts
AND
http://docs.splunk.com/Documentation/Splunk/7.1.2/DMC/Configureforwardermonitoring
AND
In general : http://docs.splunk.com/Documentation/Splunk/7.1.2/DMC/Monitoringoverview

Please lets know in case you need further help

---
What goes around comes around. If it helps, hit it with Karma 🙂

View solution in original post

Reply
Solved! Jump to solution
Solution

renjith_nair
Legend
‎07-16-2018 12:52 AM

Hi @agentsofshield ,

You could use monitoring console (Old DMC)for that. Please have a look at this http://docs.splunk.com/Documentation/Splunk/7.1.2/DMC/Platformalerts
AND
http://docs.splunk.com/Documentation/Splunk/7.1.2/DMC/Configureforwardermonitoring
AND
In general : http://docs.splunk.com/Documentation/Splunk/7.1.2/DMC/Monitoringoverview

Please lets know in case you need further help

---
What goes around comes around. If it helps, hit it with Karma 🙂
Reply
Solved! Jump to solution

agentsofshield
Path Finder
‎07-16-2018 01:34 AM

Ok thanks but here's another question:

Any way I can make these alerts pop on the search heads too? Currently it's only a triggered alert on the indexer master node.

0 Karma
Reply
Solved! Jump to solution

renjith_nair
Legend
‎07-16-2018 01:41 AM

http://docs.splunk.com/Documentation/Splunk/7.1.2/DMC/WheretohostDMC

---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply
Solved! Jump to solution

agentsofshield
Path Finder
‎07-16-2018 03:58 AM

Ok, what about indexes? Can I check if an index brings back results and if it doesn't, create an alert?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

We’ve discovered a bug that affected the auto-clear of Synthetic Detectors in the Splunk Synthetic Monitoring ...

Video | Tom’s Smartness Journey Continues

Remember Splunk Community member Tom Kopchak? If you caught the first episode of our Smartness interview ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud? Learn how unique features like ...