Re: Servers availability status

vamshi04 · ‎12-05-2019

Hi, Is there any way to get the availability of the Servers (UP/Down) status in real time in Splunk Cloud/Enterprise ?

vamshi04 · ‎12-05-2019

Hi @gcusello

I am asking about the Infra Servers (Windows and Linux). I have all the performance metrics of those Servers (CPU/MEM/DISK) for Server Operational Dashbaord. I tried all the possible ways to find, whether the Servers are Up or Down. But no luck

gcusello · ‎12-05-2019

Hi @vamshi04,
are you speaking of Splunk Servers or target servers?

If Splunk Servers, you can use the Splunk Monitoring Console (see at https://docs.splunk.com/Documentation/Splunk/8.0.0/DMC/DMCoverview ).

If you're speaking of the target servers, you could use again the Monitoring Console or create a dedicated dashboard.

Ciao.
Giuseppe

gcusello · ‎12-05-2019

Hi @vamshi04,
you should create a lookup containing all the server to monitor (e.g. perimeter.csv) with a column called host.
then you could run a search like this:

index=_internal
| eval host=lower(host)
| stats count BY host
| append [ | inputlookup perimeter.csv | eval count=0, host=lower(host) | fields host count ]
| stats sum(count) AS total BY host

In this way all the hosts with total=0 are down and hosts with total>0 are up.
You can create a dashboard to display in graphic mode the situation:

 <dashboard script="table_icons_rangemap.js" stylesheet="table_decorations.css">
     <label>Table Icon Set (Rangemap)</label>
     <description>Use Javascript and CSS in tables to convert rangemap results into icons.</description>
     <row>
         <table id="table1">
             <title>Render Icons based on rangemap result</title>
             <search>
                 <query>
                     index=_internal
                    | eval host=lower(host)
                    | stats count BY host
                    | append [ | inputlookup perimeter.csv | eval count=0, host=lower(host) | fields host count ]
                    | stats sum(count) AS total BY host
                    | rangemap field=total elevated=0-0 low=1-10000000000000 default=severe
                 </query>
                 <earliest>-1h</earliest>
             </search>
             <option name="drilldown">none</option>
         </table>
     </row>
 </dashboard>

in which there are notable:

in the first row a css and a js to call;
the id=1 in table tag used by js;
the rangemap command used to define the threesholds for the different levels and icons.

The instructions about css and js to use are in the Splunk Dashboard Examples App at Table Icon Set (Rangemap) dashboard.

Ciao.
Giuseppe

sphiwee · ‎08-31-2020

Hi i tried this and i can see my hosts but its not an appealing vizualization

gcusello · ‎08-31-2020

Hi @sphiwee,

did you followed the instructions in the Dashboard Examples App?

from your screenshot I see that you didin't configured the icons (css and js) for the graphical visualization.

To do this, see in the Dashboard Examples app (https://splunkbase.splunk.com/app/1603/) how to do this.

In few words:

you have to copy the files "table_icons_rangemap.js" and "table_decorations.css" (that you can find the Dashboard Examples App) in your $SPLUNK_HOME/etc/apps/your_app/appserver/static;
insert in the first row of your dashboard script="table_icons_rangemap.js" stylesheet="table_decorations.css";
then restart Splunk.

In this way you can use the css and js that you copied and have in the Status column an Icon.

Ciao.

Giuseppe

sphiwee · ‎08-31-2020

ohh don't you have another option that would not require me to log into server, because I need access and it will take a while for me to get it, i just need an option to visualize online servers and to trigger an alert whenever a server is unavailable

gcusello · ‎12-06-2019

Does it run for you?

Ciao.
Giuseppe

Servers availability status

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes