Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How long does monitor rolling restart take?

k31453
Explorer
‎10-13-2020 05:34 PM

Hi, So I am trying to build SPL for how long does it take to restart splunk. BIt of context, We do sometimes do rolling restart through Cluster Master. So I am trying to determine, how long does rolling restart take. 

 

So far from research, I can find splunk starting log from splunkd event. But that's just tells me one instance splunk starting. But i can't find logs from when splunk is shutting down. 

Labels (1)
Labels
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎10-13-2020 11:10 PM

Hi

this should work

 

index=_internal host IN (<List of Your CM nodes>) component=CMMaster "Starting a rolling restart of the peers." OR "rolling restart finished"
| transaction startswith="Starting a rolling restart of the peers." endswith="rolling restart finished"
| eval restartTime = tostring (duration, "duration")
| table _time restartTime _raw

 

r. Ismo 

Reply

tro
Path Finder
‎10-18-2022 06:34 AM

Query is not working anymore.

0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  &#x1f680; Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...