Hello Folks!
I need to create an alert that checks if ports 800, 8089 and 9997 are up or down every 5 minutes. Could you please help me out? TIA!
This is what we have right now.
| rest splunk_server=local /services/search/distributed/peers/
| where status="Up" AND disabled=0
| fields peerName, status
| rename peerName as Instance, status as Status
millions of ways to do it ...
here is one off the top of my head; in linux, create a scripted input that does something like this:
sudo lsof -i -P -n | grep LISTEN <ports numbers ...>
or that
sudo netstat -tulpn | grep LISTEN <ports numbers ...>
in windows, same idea ...
netstat -a
take the output to Splunk and search for up or down ...
Is there a way to run a search through Splunk?
yes ... bring the right data, then run your search that captures the condition for the alert ...
In case it's not clear, you need to apply @adonio's answer to a scripted input that sends the output to Splunk.
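A worked version of the scripted-input approach described in adonio's answer and the follow-up, added here as an example and not code from the thread. It assumes a Linux host with `ss` or `netstat`, an inputs.conf stanza with `interval = 300`, and an assumed sourcetype name `port_check` for the alert search; the port list is the one from the question.

```shell
#!/bin/sh
# port_check.sh: Splunk scripted input that reports whether TCP ports are
# listening on this host. Assumed inputs.conf stanza (paths are placeholders):
#   [script://$SPLUNK_HOME/etc/apps/port_check/bin/port_check.sh]
#   interval = 300            # every 5 minutes
#   sourcetype = port_check   # assumed name
# Alert search over the events it emits: sourcetype=port_check status=down

# Ports from the question; pass others on the command line to override.
DEFAULT_PORTS="800 8089 9997"

# Read the kernel's TCP listener table once per run (ss first, netstat fallback).
collect_listeners() {
    ss -lnt 2>/dev/null || netstat -lnt 2>/dev/null || true
}

# port_status PORT TABLE -> prints "up" if PORT is in LISTEN state, else "down".
# Handles "LISTEN ... 0.0.0.0:8089" (ss) and "0.0.0.0:8089 ... LISTEN" (netstat);
# "[:.]" also accepts BSD-style "*.8089". The trailing whitespace class keeps
# port 800 from matching 8000.
port_status() {
    if printf '%s\n' "$2" | grep -E "LISTEN.*[:.]$1[[:space:]]|[:.]$1[[:space:]].*LISTEN" >/dev/null; then
        printf 'up\n'
    else
        printf 'down\n'
    fi
}

# report_ports TABLE PORT... -> one key=value event per port for Splunk to index.
report_ports() {
    table="$1"; shift
    ts="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
    host="$(hostname 2>/dev/null || echo unknown)"
    for p in "$@"; do
        printf '%s host=%s port=%s status=%s\n' "$ts" "$host" "$p" "$(port_status "$p" "$table")"
    done
}

# Constructed ss-style output, used only for --dry-run and self-tests.
SAMPLE_LISTENERS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:8089       0.0.0.0:*
LISTEN 0      128    [::]:9997          [::]:*'

if [ "${1:-}" = "--dry-run" ]; then
    report_ports "$SAMPLE_LISTENERS" $DEFAULT_PORTS
elif [ "$#" -gt 0 ]; then
    report_ports "$(collect_listeners)" "$@"
else
    report_ports "$(collect_listeners)" $DEFAULT_PORTS
fi
```

Running it with `--dry-run` against the constructed table prints 8089 and 9997 as up and 800 as down, which is the event shape the `status=down` alert search keys on.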
Are you checking a Linux or Windows machine?
Both! We have linux servers and Windows workstations.