I am trying to set up an alert for my DB Inputs and Connections. The main aim here is that I wanted to get notified when any of the DB Inputs/Connections are disabled or brought down.
I am clueless here on how to set this up. Looking for any help!!
Can you please let us know the DB Connect version?
In our environment, what we are looking at is the "splunk_app_db_connect" log in the index _internal to see what connection stats are written. If the DB connection fails, goes into timeout or anything else, then it is written here. You might check the same in your environment to see the results. From this log, we get the timeout, and then we have set an alert that fires emails to us when the timeout happens.
Hope this helps!
Yes. It helped!! Thanks
It's "Splunk DB Connect V2". Let me know if you are looking for any additional info.
You can create a search to evaluate what's the average data size your source is producing:
index=_internal Metrics group=per_source_thruput series="name_of_the_source_you_defined_in_dbx" | stats avg(kb)
For the email alert, you can simply create an alarm to fire when avg(kb)=0, for example.
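A variant of the search above that still returns a row when the source has written no throughput events at all, added here as an example and not posted by anyone in the thread. It assumes a 30-minute window (`earliest=-30m`) and relies on `stats count` returning one row even when nothing matches; the series value is the same placeholder as above.

```spl
index=_internal source=*metrics.log* group=per_source_thruput series="name_of_the_source_you_defined_in_dbx" earliest=-30m
| stats count AS samples sum(kb) AS total_kb
| fillnull value=0 total_kb
| where total_kb=0
```

Saved as an alert that triggers when the number of results is greater than 0, it fires both when the reported throughput is zero and when no metrics events exist for the series in the window (`samples` is 0 in the second case).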