- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- NOTIFY ME WHEN LOST CONNECTION WITH DATABASE
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
NOTIFY ME WHEN LOST CONNECTION WITH DATABASE
How do I configure splunk to notify me by email when cutting the connection to the database and can not continue indexing data? I use db connect.
best regards.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
An alternative to this method that to be very configurable, you can put in 24 hours if not generated any event, send a Notice splunk, but if in 72 hours not generated any email sent event of danger.
Could there perhaps a better alternative?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It actually works very efficient for me because I'm using dbx to monitor database logging. We use a tailing method and therefore the dbx is checking on a schedule and each time dbx checks the database it genenerates a log entry. If we loose the connection to the database then we get an alert, and when the database is connected we are guaranteed that there will be events.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Great, thank you very much lukejadamec !
With regard to this method that you mention it, I do not know if it's very efficient because you have to trust that every day, 24 Hs of the day, the DB will be generating at least one event .... In case you did not, then the alert would begin to annoy, taking away sense to notice.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
great, thank you very much!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
great, thank you very much!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can create a search like:
index=yourdbxindex source=yourdbxsource
Save the search.
Create an Alert for the search:
Time: -15m@m now
Schedule: Cron 0 */1 * * *
Condition: If number of events is less than 1
Send Email: Enable
Email Address: your email address
This will check once an hour for data from your dbx source. Change the cron schedule to adjust the frequency.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For some reason the Cron schedule was truncated. It should read zero space star slash one space star space star space star
Enterprise Security Content Update (ESCU) | New Releases
Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?
Index This | What are the 12 Days of Splunk-mas?
