Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How do you report on the search head cluster availability score (99.9999% score)?

gduggan1
Path Finder
‎12-05-2017 08:38 AM

I am tasked with reporting on our Splunk environment. I am running a Search Head cluster with 3 Search Heads and an index cluster with 6 indexers (single site). They are all on 6.6.3.

Does anyone know a search that would return a result indicating the availability of the SH cluster and the Index cluster independent of each other. I am looking for a (99.99999%) 5x9's availability score specifically. Up until now I am just showing up times on my search heads (based on last restart of splunkd).

I wasn't able to find this in the monitoring console either (DMC). Any help would be greatly appreciated 🙂

0 Karma
Reply

lycollicott
Motivator
‎12-05-2017 11:22 AM

Oh, the magic nines.

It is a little suspect whenever a monitoring system has to monitor itself. For example, all of your search heads could be up, but your network could be down.

But you could try this app https://splunkbase.splunk.com/app/1493/ on your DMC to monitor the search heads. If you leave splunkweb enabled on your indexers (which most people turn off) you could also use it for those.....just keep the port & url known only to yourself and fellow admins.

Caveat: I have not used that app.

0 Karma
Reply

gduggan1
Path Finder
‎12-05-2017 12:07 PM

Awesome! thanks for the app i'll test it out, we are currently running a Round Robin DNS on the front end but will be moving to an F5 soon. I could prob integrate the 2 measures to have a somewhat specific measure of availability. I guess this just scratches the surface though because we have to take in account "can you search the data you are looking for" measures as well....

0 Karma
Reply

lycollicott
Motivator
‎12-05-2017 12:27 PM

The F5 might have some reporting functions that could be useful, too.

As for searchable.....theoretically you could schedule a shell script that would do a command line search every few minutes and alert when results are 0 or an error.

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...