I found that Splunk Monitor System health can check the health of Splunk and check if it's monitoring or not. However, I wasn't able to use it with my current license. So, is there another way to check if Splunk is monitoring most of the time and working? If yes, please provide me with links to an explanation with steps.
Also, I don't understand the main purpose of the Master Node Dashboard. Is this a way to check if Splunk is monitoring?
Thank you in advance!
Hi @maryamchar
Yes, you can monitor Splunk health via REST.
You can refer to this answer for the Splunk query.
But, here again, this query will work from the DMC server only, because from one search head you can't run a REST query of other heads, cluster master, deployment server.
Regarding the master node dashboard, it's basically:
The Indexer Clustering: Status dashboard in DMC which provides information on the state of our cluster.
The Indexer Clustering: Service Activity dashboard in DMC which provides information on matters such as bucket-fixing activities and warnings and errors.
So the master node dashboard just provides a limited overview of DMC, as DMC is a rich source of information about the complete Splunk Enterprise deployment. You can refer to the document below for more information.
https://docs.splunk.com/Documentation/Splunk/7.2.0/DMC/WhatcanDMCdo
Hope this answers your question 🙂
Thank you!!!
The link you provided me with the query didn't work for me. Is there any other easy way to check if Splunk is monitoring all the time? Again, thank you!
| rest splunk_server=local /services/search/distributed/peers | rename title as peerURI | join type=outer peerURI [| rest splunk_server=local /services/server/info | eval peerURI = "localhost" | eval status = "Up"] | eval status = if(status == "Up", status, "Unreachable") | eval OS = os_name | eval ram = round(physicalMemoryMB / 1024, 2)." GB" | fields host, server_roles, OS, numberOfCores, ram, version, status| sort status, host| rename host as Instance, server_roles as Role, numberOfCores as "Cores", ram as RAM, version as Version, status as Status
This query is working fine for me.
What issues are you facing while running the above query?
Did you run this in DMC?
Yes, I tried it on DMC. This is the error I'm getting:
REST Processor: Failed to fetch REST endpoint uri=https://127.0.0.1:8089/services/search/distributed/peers?count=0 from server https://127.0.0.1:8089. Check that the URI path provided exists in the REST API