I installed PING status app on my personal splunk, running in my pc, and it works;
I tried to install the same app on splunk of my company and it doesn't work.
I also tried to run the splunk instance with root privileges and follow all the tips on README.txt but without success.
Can anyone help me?
@ndoshi created it, but after pouring through all the multiple pages on Splunk Answers, it seems a bunch of people have the same problem as us. Nobody has a fix yet
Fixed it! Comment this out in etc/apps/pingstatus_command/bin/pingstatus.py and fix tabbing appropriately. Or change to "if True:".
if "_raw" in r:
now it seems that something works but for some IP address, the results of pingdelay is 0.0.
Why am I getting this results?
I'm not sure. I get three categories of ping results on my network. Successful pings (0.004822), unsuccessful pings (10000000), and then an empty string. The empty string correlates to a "TTL expired in transit error" ping response on the command line. I'm guessing the "0.0" is another type of ping response similar to the TTL one (there are a couple different pings responses, I'm no expert, but you can learn about the different types through a quick google search).
Or, maybe you somehow trimmed the string of a successful ping and then it came through as "0.0"? That's pretty much all I can offer
Hi nick, I didn't find what 0.0 means as a result of pingdelay.
If I run a search with pingdelay sometimes the result is 0.0026 sometimes, for the same IP address, is 0.0 and if I try to ping via cmd the result is a succesfully ping.
Can you help me to find the cause?
I had the same problem, again, on my Splunk 7.2 Ubuntu instance. My earlier comments and answer were for Splunk 6.3 Windows. Here is what I did to fix it this time:
I can go through the exact steps I took, but I figure I'll just tell you what ended up working for me. I again commented out that conditional statement, placed ping.py, ping.pyc, and pingstatus in the bin folder for my app, and put commands.conf and authorize.conf as described in https://answers.splunk.com/answers/370963/pingstatus-command-why-am-i-getting-unknown-comman.html into the local directory for my app, and then ran Splunk as root.
It would not work with any combination of these changes if placed in the system folder, as the documentation and that answer tell you to do. It wouldn't even go through and put all the pings as 10000000, it just left them blank. Running Splunk as non-root but using my app folder put them all as 10000000. Basically, try altering these four variables until it works
*Whether the bin and local files are in the system directory
*Using and not using authorize.conf
*Running and not running as root
*Commenting and commenting that line
Basically, like almost everything "helpful" that Splunk offers, I would not recommend using pingstatus unless you're willing to spend a fair amount of time to get it working. Why Splunk publishes these half/25% working apps CONSTANTLY, I have no idea. Two operating systems, Splunk 6, Splunk 7, and pingstatus has never once worked for me without hours of work. Fun.
I'm sure I will run into problems constantly running Splunk as root, so if anyone knows how to get it working without having to run it as root... please let me know