Re: Is it possible to trigger a restart script on ...

krishnacasso · ‎11-04-2016

Hi,

We monitor server status using access live log. It will continuously check for 200 statuses from the log. When we have status other than 200, for 5 minutes we need to trigger an alert. I see a option in +add action to run a script. Can we place a restart script on the server where the forwarder is installed and trigger it whenever the alert condition in triggered?

Thanks.

Masa · ‎11-06-2016

There is such built-in feature to access forwarder from a search head where you trigger a post script. So, you have to create your own scripts to make it work like that.

krishnacasso · ‎11-07-2016

Thanks Masa,
Do we need to manually access the forwarder from UI or Is there a way to automate this.

Thanks.

Masa · ‎11-08-2016

It depends. Your system admin should be able to advise how to remotely run command or access to remote server by script.

Is it possible to trigger a restart script on forwarder when an alert condition is met?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Index This | What travels the world but is also stuck in place?

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

Join the Conversation