Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Applications

jovnice
Path Finder
‎02-02-2024 11:30 AM

I am very new to Splunk and having a hard time finding how to monitor applications. Can someone help? 

Labels (1)
Labels
0 Karma
Reply

jovnice
Path Finder
‎02-02-2024 12:00 PM

Thanks for the information. For the application I wanted to put an email alert on it for when someone is logging in and out of the application. Is that possible.

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎02-02-2024 12:24 PM

Again - it's not how it works.

First, the application itself has to be able to generate - as we say - an "event" which will be either written to a file which Splunk's forwarder will be able to read or sent via network (there are also other ways to receive or pull data into Splunk but these are the most popular ones).

Then you have to ingest that data into Splunk.

When you have this data in Splunk, yes you can schedule a report which will - for example - every 5 minutes check if/how many users logged into your system.

But still, first and foremost, the application itself has to report this action somewhere so that Splunk can get such event. It's not a fortune teller you know 😉

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎02-02-2024 11:55 AM

Splunk on its own is not a "monitoring tool" meaning that Splunk is not meant to do - for example - active checks against an application as monitoring suites do (it probably can be forced to do that but it's not gonna be an optimal solution). Its forte is data analysis. So as long as you have data from external sources, you can put this data into Splunk, search it and analyze. Then - if you have events describing - for example - results of such checks, you can schedule an alert if there are too many failed probes or calculate whether the SLA levels were met or not.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

    Are you ready to transform how your team handles complex data requests? We invite you to our upcoming ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...