All Apps and Add-ons

Splunk DB Connect: How do you set an email alert for when DB Inputs/Connections are down due to any issue?

Sidharda
Path Finder

Hi Splunkers,

I am trying to set up an alert for my DB Inputs and Connections. The main aim here is that I wanted to get notified when any of the DB Inputs /Connections are disabled or brought down.

I am clueless here on how to setup this. looking for any help !!

0 Karma

harsmarvania57
SplunkTrust
SplunkTrust

Can you please let us know DB Connect Version?

0 Karma

utkarshpatel
New Member

Hi Sidharda,

In our environment, we are looking at is the "splunk_app_db_connect" log in the index _internal to see what connection stats are written. If the DB connection fails, goes into time out or anything else then it is written here. You might check the same in your environment to see the results. From this log, we get the timeout and then we have set an alert that fires emails to us when the time out happens.

Hope this helps.!

0 Karma

Sidharda
Path Finder

Yes. It helped !! Thanks

0 Karma

Sidharda
Path Finder

Hi,

Its "Splunk DB Connect V2". Let me know if you are looking for any additional info.

0 Karma

davidcruz
Explorer

You can create a search to evaluate what's the average data size your source is producing:

index=_internal Metrics group=per_source_thruput series="name_of_the_source_you_defined_in_dbx" | stats avg(kb)

For the email alert, you can simply create an alarm to fire when avg(kb)=0, for example.

.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!