Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

What's the best way to create an alert to tell whether a Windows Server is up or down?

mrtolu6
Path Finder
‎12-05-2016 06:01 AM

What's the best way to create an alert to tell whether a Windows Server is up or down?

Can you provide an example of a search query or script I can use to tell if a Windows Server is up or down. I understand I can use the Windows event code, but would it work if a server goes down? Or would I get that alert after the server has booted back up?? I'm looking for the best way to set up an up or down status alert for Windows server.

0 Karma
Reply

sundareshr
Legend
‎12-05-2016 02:01 PM

This is by means a reliable Up/Down indicator. This will only alert you if Splunk indexer has not received data from a specific host in over 15 min.

| metadata type=hosts index=* | where now()-lastTime>=(60*15) | table host lastTime | eval lastTime=strftime(lastTime, "%c")

For a better UP/DOWN alert, you could use something like this https://gallery.technet.microsoft.com/scriptcenter/Get-Ping-status-along-with-bd579238 , or better yet, splunk the results from this script and use splunk to alert. You can then report on trends etc.

0 Karma
Reply

PPape
Contributor
‎12-05-2016 06:50 AM

there are several ways to do this.
you could fire a script that telnets the host on a port and reports the answer....

Or (and this is what i would do) if you are gathering data from this host in a regular intervall i would watch if there are enogh events from the host in a decent amount of time. Like, if there are less or none this could be an indicator for an not running system.

Create a base search that populates the gathered events for the host you want to monitor. And than create an Alert

alt text

Preview file
1 KB
0 Karma
Reply

mrtolu6
Path Finder
‎12-05-2016 08:31 AM

I guess my question is, can you provide an example of a search query or script I can use to tell if a Windows Server is up or down. I understand I can use the Windows event code, but would it work if a server goes down? Or would I get that alert after the server has booted back up?? I'm looking for the best way to set up an up or down status alert for windows server. Please provide examples. Thank you

0 Karma
Reply
Get Updates on the Splunk Community!

Modern way of developing distributed application using OTel

Recently, I had the opportunity to work on a complex microservice using Spring boot and Quarkus to develop a ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had 3 releases of new security content via the Enterprise Security ...

Archived Metrics Now Available for APAC and EMEA realms

We’re excited to announce the launch of Archived Metrics in Splunk Infrastructure Monitoring for our customers ...