Hi SMEs,
I would like to create an alert on Splunk ES which should trigger if any of the Heavy forwarder reboot or shutdown by someone. thanks in advance
Hi @pm2012
this is a decade old post, but this should give you some ideas..
https://community.splunk.com/t5/Getting-Data-In/How-do-I-tell-if-a-forwarder-is-down/m-p/10407