NOTIFY ME WHEN LOST CONNECTION WITH DATABASE

javierlf
Explorer

How do I configure Splunk to notify me by email when the connection to the database is cut and it cannot continue indexing data? I use DB Connect.

Best regards.

0 Karma

javierlf
Explorer

An alternative to this method that would be very configurable: if no event is generated in 24 hours, Splunk sends a notice, but if no event is generated in 72 hours, a danger email is sent.
Could there perhaps be a better alternative?

0 Karma

lukejadamec
Super Champion

It actually works very efficiently for me because I'm using dbx to monitor database logging. We use a tailing method, and therefore dbx is checking on a schedule, and each time dbx checks the database it generates a log entry. If we lose the connection to the database then we get an alert, and when the database is connected we are guaranteed that there will be events.

0 Karma

javierlf
Explorer

Great, thank you very much, lukejadamec!

With regard to the method that you mention, I do not know if it's very efficient, because you have to trust that every day, 24 hours a day, the DB will be generating at least one event... If it did not, the alert would begin to annoy, taking the meaning away from the notice.

0 Karma

javierlf
Explorer

Great, thank you very much!

0 Karma

lukejadamec
Super Champion

You can create a search like:
index=yourdbxindex source=yourdbxsource

Save the search.

Create an Alert for the search:

Time: -15m@m now

Schedule: Cron 0 */1 * * *

Condition: If number of events is less than 1

Send Email: Enable

Email Address: your email address

This will check once an hour for data from your dbx source. Change the cron schedule to adjust the frequency.

lukejadamec
Super Champion

For some reason the Cron schedule was truncated. It should read zero space star slash one space star space star space star.

0 Karma
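The alert settings from the answer above, written as savedsearches.conf stanzas, followed by the 24-hour notice and 72-hour danger tiers suggested earlier in the thread. This is an added example, not part of the original posts; the stanza names, the email address, the daily cron times and the severity values are assumptions, and `yourdbxindex` / `yourdbxsource` are the answer's own placeholders.

```ini
# Hourly check from the answer: alert when the dbx source returned no events.
# The -15m@m window with an hourly cron only inspects the last 15 minutes
# of each hour; widen the window to -60m@m to cover the whole interval.
[dbx_no_events_hourly]
search = index=yourdbxindex source=yourdbxsource
dispatch.earliest_time = -15m@m
dispatch.latest_time = now
enableSched = 1
cron_schedule = 0 */1 * * *
counttype = number of events
relation = less than
quantity = 1
action.email = 1
action.email.to = you@example.com
action.email.subject = DB Connect: no events from yourdbxsource

# Tier 1 (assumed schedule): notice when nothing arrived in 24 hours.
[dbx_no_events_24h_notice]
search = index=yourdbxindex source=yourdbxsource
dispatch.earliest_time = -24h@h
dispatch.latest_time = now
enableSched = 1
cron_schedule = 0 6 * * *
counttype = number of events
relation = less than
quantity = 1
alert.severity = 3
action.email = 1
action.email.to = you@example.com
action.email.subject = NOTICE: no DB Connect events in 24 hours

# Tier 2 (assumed schedule): danger when nothing arrived in 72 hours.
[dbx_no_events_72h_danger]
search = index=yourdbxindex source=yourdbxsource
dispatch.earliest_time = -72h@h
dispatch.latest_time = now
enableSched = 1
cron_schedule = 30 6 * * *
counttype = number of events
relation = less than
quantity = 1
alert.severity = 5
action.email = 1
action.email.to = you@example.com
action.email.subject = DANGER: no DB Connect events in 72 hours
```

Use either the hourly stanza or the two tiers, depending on how often the database is expected to produce events.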