Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

When KV Store got restarted

Master_Blaster
Explorer
‎03-24-2021 04:15 AM

Hi,

We have a search head cluster of 8 members in which KV store is failing frequently. We used to start services manually.

I'd like to create a report which should contains when exactly  kv store got failed & when it got up. I am not sure in which logs we can find this info. 
Could anyone help me with the query for same ?
Thanks

 

Tags (1)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎03-24-2021 07:57 AM

I believe you want to search for "MongoDB starting"

index=_internal  sourcetype=mongod "MongoDB starting"
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

gjanders
SplunkTrust
SplunkTrust
‎03-27-2021 03:26 AM

In alerts for splunk admins https://splunkbase.splunk.com/app/3796/ I have an alert to detect a lack of logging from mongod.log so combined with richgalloway's answer this might work for you...

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud
0 Karma
Reply

Master_Blaster
Explorer
‎03-25-2021 04:05 AM

Unfortunately, the query doesn't help.  I see multiple entries of below message where we didn't do any actual restart.


2021-03-25T08:14:43.060Z I CONTROL [initandlisten] MongoDB starting : pid=18614 port=8191 dbpath=/opt/splunk/var/lib/splunk/kvstore/mongo 64-bit host=xxxxxx

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

New This Month - Observability Updates Give Extended Visibility and Improve User ...

This month is a collection of special news! From Magic Quadrant updates to AppDynamics integrations to ...

Intro to Splunk Synthetic Monitoring

In our last post, we mentioned that the 3 key pieces of observability – metrics, logs, and traces – provide ...