Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do you report on the search head cluster availability score (99.9999% score)?

gduggan1
Path Finder
‎12-05-2017 08:38 AM

I am tasked with reporting on our Splunk environment. I am running a Search Head cluster with 3 Search Heads and an index cluster with 6 indexers (single site). They are all on 6.6.3.

Does anyone know a search that would return a result indicating the availability of the SH cluster and the Index cluster independent of each other. I am looking for a (99.99999%) 5x9's availability score specifically. Up until now I am just showing up times on my search heads (based on last restart of splunkd).

I wasn't able to find this in the monitoring console either (DMC). Any help would be greatly appreciated 🙂

0 Karma
Reply

lycollicott
Motivator
‎12-05-2017 11:22 AM

Oh, the magic nines.

It is a little suspect whenever a monitoring system has to monitor itself. For example, all of your search heads could be up, but your network could be down.

But you could try this app https://splunkbase.splunk.com/app/1493/ on your DMC to monitor the search heads. If you leave splunkweb enabled on your indexers (which most people turn off) you could also use it for those.....just keep the port & url known only to yourself and fellow admins.

Caveat: I have not used that app.

0 Karma
Reply

gduggan1
Path Finder
‎12-05-2017 12:07 PM

Awesome! thanks for the app i'll test it out, we are currently running a Round Robin DNS on the front end but will be moving to an F5 soon. I could prob integrate the 2 measures to have a somewhat specific measure of availability. I guess this just scratches the surface though because we have to take in account "can you search the data you are looking for" measures as well....

0 Karma
Reply

lycollicott
Motivator
‎12-05-2017 12:27 PM

The F5 might have some reporting functions that could be useful, too.

As for searchable.....theoretically you could schedule a shell script that would do a command line search every few minutes and alert when results are 0 or an error.

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...

It’s go time — Boston, here we come!

Are you ready to take your Splunk skills to the next level? Get set, because Splunk University is back, and ...

Performance Tuning the Platform, SPL2 Templates, and More New Articles on Splunk ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
li.common.scroll-to.top