Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How long does monitor rolling restart take?

k31453
Explorer
‎10-13-2020 05:34 PM

Hi, So I am trying to build SPL for how long does it take to restart splunk. BIt of context, We do sometimes do rolling restart through Cluster Master. So I am trying to determine, how long does rolling restart take. 

 

So far from research, I can find splunk starting log from splunkd event. But that's just tells me one instance splunk starting. But i can't find logs from when splunk is shutting down. 

Labels (1)
Labels
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎10-13-2020 11:10 PM

Hi

this should work

 

index=_internal host IN (<List of Your CM nodes>) component=CMMaster "Starting a rolling restart of the peers." OR "rolling restart finished"
| transaction startswith="Starting a rolling restart of the peers." endswith="rolling restart finished"
| eval restartTime = tostring (duration, "duration")
| table _time restartTime _raw

 

r. Ismo 

Reply

tro
Path Finder
‎10-18-2022 06:34 AM

Query is not working anymore.

0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...