All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to get the role of each server in splunk infra and its current status(running/stopped)

kaushik_kmk
Engager
‎01-23-2020 11:56 AM

Hello ALL,

I am new to Splunk,
I am okey to use APIs to fetch the required details or even by running commands in the server, but i would like to know how to fetch the below details from the server:

1)which all roles are enabled for the server ?
2)what is the current status of each of them ?

any help is really appreciated.
Thanks,
Kaushik KM

0 Karma
Reply

jscraig2006
Communicator
‎01-23-2020 02:26 PM

@ kaushik_kmk I know this isnt a REST solution. From the license manager you can monitor the roles and status. Settings > Monitoring Console. This query will also tell you the status of the server:

 index=_internal sourcetype=splunkd group=tcpin_connections hostname=<splunk_servers>
     | stats
     max(_time) as last_connected,
     sum(kb) as sum_kb by guid, hostname
     | eval connected_last = strftime(last_connected, "%F %T.%3N")
     | addinfo
     | eval status = if(isnull(sum_kb) or (sum_kb <= 0) or (last_connected < (info_max_time - 900)), "missing", "active")
     | table hostname last_connected status
Reply

kaushik_kmk
Engager
‎01-24-2020 04:15 AM

@jscraig2006 , Thank you for responding!
Exactly you are correct that we can view the status in the monitoring console, but how does the monitoring console fetch this information ???

If we have any API to fetch the information about the status of each role, i can use it for my purpose of doing health check.

Thanks,
Kaushik

0 Karma
Reply

jscraig2006
Communicator
‎01-24-2020 09:18 AM

@kaushik_kmk.. Gotcha.. Here is a link regarding all the Splunk API references. https://docs.splunk.com/Documentation/Splunk/8.0.1/RESTREF/RESTprolog

Hope this helps

~John

0 Karma
Reply

kaushik_kmk
Engager
‎01-23-2020 12:37 PM

I tried with the below,
https://myhost:8089/services/server/info ---> it gives me server roles:

server_roles

deployment_client
search_head
search_peer
kv_store

Now, if my understanding is correct, can we check if each of the role is working correctly or not ? (running/stopped), if YES, HOW ?
Please correct me if the above statement is wrong.

Thanks,
Kaushik KM

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...