Deployment Architecture

Splunk Server

harshavrath
Contributor

Hi,

If my Splunk is installed on a server and the server is down, how will I tackle this problem in real time?

Any help is appreciated,

Cheers.

0 Karma

Matthias_BY
Communicator

Hi,

Can you be a little bit more detailed, please? Which server are you using? When is the server going down? What does it mean that the server is going down?

br
Matthias


richgalloway
SplunkTrust

It depends. Obviously no data will be indexed while the server is down. Splunk Universal Forwarders can buffer events for a time until the server is back up. Other applications that send events to Splunk may or may not buffer events. Some Splunk apps (like DB Connect) should pick up where they left off, however others may not.

---
If this reply helps you, Karma would be appreciated.

Matthias_BY
Communicator

From there you can then start to create reports + alerts. So in case similar error messages or behavior occur (more/fewer events; streamstats, stats, eval statements!), you want to get a notification.

However, IIS does not crash because of the default Microsoft website. IIS crashes because the application or website on it has some issues, so that is the good reason why with Splunk you're flexible to create such monitoring instead, as no vendor will know your IIS application 😉
br

0 Karma
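
The review-then-alert idea from this thread (watch past IIS logs for error bursts and for more or fewer events than usual), sketched as an added example that is not part of any post here. It plays the role a `stats`/`streamstats`/`eval` search would play; the log lines, field list, window and thresholds are constructed assumptions.

```python
from collections import deque
from statistics import mean

def build_sample():
    """Constructed IIS W3C log: steady traffic, an error burst, then a volume drop."""
    lines = ["#Software: Microsoft Internet Information Services",
             "#Fields: date time cs-method cs-uri-stem sc-status time-taken"]
    for minute in range(8):
        count = 2 if minute == 6 else 10          # minute 6: traffic collapses
        for i in range(count):
            status = 500 if (minute == 5 and i < 6) else 200  # minute 5: 5xx burst
            lines.append(f"2024-03-01 10:{minute:02d}:{i:02d} GET /app/default.aspx {status} 120")
    return lines

def parse_w3c(lines):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def per_minute(records):
    """Return {minute: [total, errors]} where errors are 5xx responses."""
    buckets = {}
    for r in records:
        minute = f"{r['date']} {r['time'][:5]}"
        b = buckets.setdefault(minute, [0, 0])
        b[0] += 1
        b[1] += r["sc-status"].startswith("5")
    return dict(sorted(buckets.items()))

def find_anomalies(buckets, window=5, max_error_rate=0.2, min_volume_ratio=0.5):
    """Compare each minute with the mean volume of the previous `window` minutes."""
    history, alerts = deque(maxlen=window), []
    for minute, (total, errors) in buckets.items():
        if errors / total > max_error_rate:
            alerts.append((minute, "error_rate"))
        # The current minute is excluded from its own baseline.
        if len(history) == window and total < min_volume_ratio * mean(history):
            alerts.append((minute, "volume_drop"))
        history.append(total)
    return alerts

if __name__ == "__main__":
    for minute, reason in find_anomalies(per_minute(parse_w3c(build_sample()))):
        print(minute, reason)
```

A minute with no events at all produces no bucket, so a server that is fully down has to be caught by checking for missing minutes, not by these two rules.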

Matthias_BY
Communicator

Hi,

You have installed a Splunk Forwarder on your IIS server and you're collecting IIS logs. And you want to detect in advance, based on the machine data, in case your IIS is going down or stops working.

So there are different ways, and that is a learning curve in your environment. Potentially you already have a historical record of data for this.

First: Collect all the data
Secondly: Investigate and review
--> That is what you're asking. Review the activity from the last outages and see what was in the log. Is there something that indicates this outage? Maybe different error messages?

0 Karma

harshavrath
Contributor

I meant, my Splunk is installed on an IIS server. Is there a way, by using alerting/monitoring, that I can get to know the server is down, such as can it send any message before it is down?

0 Karma