AppD Archive

Health rule to detect when machine agents are not reporting

CommunityUser
Splunk Employee
Splunk Employee

I have an application that is configured for machine agents monitoring only. There are 4 nodes in this application.  The machine agents are reporting back to the controller for the application.

Currently all 4 machine agents are down, no metrics are available and all health rules are green.  I want to build a health rule that goes into error because 50% of the nodes are not reporting any details. 

Suggestions?

0 Karma
1 Solution

CommunityUser
Splunk Employee
Splunk Employee

OK, so this was actually quite easy. See screenshots.

image.png

image.png

image.png

View solution in original post

CommunityUser
Splunk Employee
Splunk Employee

OK, so this was actually quite easy. See screenshots.

image.png

image.png

image.png

CommunityUser
Splunk Employee
Splunk Employee

Hi. 

I too need to create a alert like this.

The Application Infrastructure Performance|TierName|Agent|App|Availability is great to use if you want to monitor a specific Tier, but I have about 50 Tiers and growing, so I don't want to manually create and maintain this rule.

Anyone got a tip? I t would be great to be able to use a wildcard or something.

0 Karma

CommunityUser
Splunk Employee
Splunk Employee

We just had this setup last week at our shop. There is a metric in the metric browser that reports a 1 if the agent is available.  This metric exists for both machine and app agents.  Just set up a health rule that alerts if this metric is less than 1.

Application Infrastructure Performance|APP.AvailableLoads|Agent|Machine|Availability

You can set it up by node or tier, depending on how you want to be alerted.  Hope this helps.

0 Karma

CommunityUser
Splunk Employee
Splunk Employee

Hello, I'm facing the issue, even though i've applied health rules to one node only.

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...