Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

map and sendmail commands in search head clustering

yutaka1005
Builder
‎10-17-2017 10:09 PM

In my environment, I am building search head clustering consisting of three search heads and one deployer.

In addition, I am using an alert that sends mail individually with the "map" command and "sendmail" command for logs that meet certain conditions.

However, as a result of checking this morning, only one alert was caught, and even though the result was one line, two mails were sent.

When I checking the internal logs, the logs below were issued in the internal logs of the two search heads at approximately the same timing (deviation of about 0.4 seconds).
"INFO sendemail:128 - Sending email..."

From this I thought that the same search ran for the two search heads.

Is there a workaround for this phenomenon?
Also, are "sendmail" and "map" commands not recommended in clustering?
And Is there a possibility that it is the cause?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

HiroshiSatoh
Champion
‎10-18-2017 12:12 AM

MAPコマンドもsendmailコマンドもクラスタ環境で問題なく動くと思います。JOBの重複起動やデータの重複が原因ではないですか?

View solution in original post

0 Karma
Reply
Solved! Jump to solution

tkomatsubara_sp
Splunk Employee
Splunk Employee
‎10-18-2017 07:44 PM

メールサーバ側(たとえば、Syslog) で、きちんとリクエストが来ているかという観点でのチェックも必要ですね。

Reply
Solved! Jump to solution

yutaka1005
Builder
‎10-18-2017 08:49 PM

ご回答いただきありがとうございます。

アラートが二重で動作していたことが原因でした…
jobを確認したらすぐにわかりました。

0 Karma
Reply
Solved! Jump to solution
Solution

HiroshiSatoh
Champion
‎10-18-2017 12:12 AM

MAPコマンドもsendmailコマンドもクラスタ環境で問題なく動くと思います。JOBの重複起動やデータの重複が原因ではないですか?

0 Karma
Reply
Solved! Jump to solution

yutaka1005
Builder
‎10-18-2017 08:50 PM

ご回答いただきありがとうございます。

ご指摘のとおりアラートが二重で動いていたことが原因でした。

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...