All Apps and Add-ons

NOTIFY ME WHEN LOST CONNECTION WITH DATABASE

javierlf
Explorer

How do I configure splunk to notify me by email when cutting the connection to the database and can not continue indexing data? I use db connect.

best regards.

0 Karma

javierlf
Explorer

An alternative to this method that to be very configurable, you can put in 24 hours if not generated any event, send a Notice splunk, but if in 72 hours not generated any email sent event of danger.
Could there perhaps a better alternative?

0 Karma

lukejadamec
Super Champion

It actually works very efficient for me because I'm using dbx to monitor database logging. We use a tailing method and therefore the dbx is checking on a schedule and each time dbx checks the database it genenerates a log entry. If we loose the connection to the database then we get an alert, and when the database is connected we are guaranteed that there will be events.

0 Karma

javierlf
Explorer

Great, thank you very much lukejadamec !

With regard to this method that you mention it, I do not know if it's very efficient because you have to trust that every day, 24 Hs of the day, the DB will be generating at least one event .... In case you did not, then the alert would begin to annoy, taking away sense to notice.

0 Karma

javierlf
Explorer

great, thank you very much!

0 Karma

javierlf
Explorer

great, thank you very much!

0 Karma

lukejadamec
Super Champion

You can create a search like:
index=yourdbxindex source=yourdbxsource

Save the search.

Create an Alert for the search:

Time: -15m@m now

Schedule: Cron 0 */1 * * *

Condition: If number of events is less than 1

Send Email: Enable

Email Address: your email address

This will check once an hour for data from your dbx source. Change the cron schedule to adjust the frequency.

lukejadamec
Super Champion

For some reason the Cron schedule was truncated. It should read zero space star slash one space star space star space star

0 Karma
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

🍂 Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...