Deployment Architecture
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How long does monitor rolling restart take?

k31453
Explorer
‎10-13-2020 05:34 PM

Hi, So I am trying to build SPL for how long does it take to restart splunk. BIt of context, We do sometimes do rolling restart through Cluster Master. So I am trying to determine, how long does rolling restart take. 

 

So far from research, I can find splunk starting log from splunkd event. But that's just tells me one instance splunk starting. But i can't find logs from when splunk is shutting down. 

Labels (1)
Labels
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎10-13-2020 11:10 PM

Hi

this should work

 

index=_internal host IN (<List of Your CM nodes>) component=CMMaster "Starting a rolling restart of the peers." OR "rolling restart finished"
| transaction startswith="Starting a rolling restart of the peers." endswith="rolling restart finished"
| eval restartTime = tostring (duration, "duration")
| table _time restartTime _raw

 

r. Ismo 

Reply

tro
Path Finder
‎10-18-2022 06:34 AM

Query is not working anymore.

0 Karma
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...
Top