
Is there a way to know if Splunk is operating 90% of the time ?

New Member

I found that Splunk Monitor System health can check the health of Splunk and check whether it's monitoring or not. However, I wasn't able to use it with my current license. So, is there another way to check if Splunk is monitoring most of the time and working? If yes, please provide me with links to an explanation with steps.

Also, I don't understand the main purpose of the Master Node Dashboard. Is this a way to check if Splunk is monitoring?

Thank you in advance!

0 Karma

Re: Is there a way to know if Splunk is operating 90% of the time ?

Communicator

Hi @maryamchar

Yes, you can monitor Splunk health via REST.
You can refer to this answer for the Splunk query:

https://answers.splunk.com/answers/589489/how-to-get-instance-health-via-splunk-query.html#answer-59....

But here again, this query will work from the DMC server only, because from one search head you can't run a REST query against other search heads, the cluster master, or the deployment server.

Regarding the master node dashboard, it's basically:
The Indexer Clustering: Status dashboard in DMC, which provides information on the state of our cluster.
The Indexer Clustering: Service Activity dashboard in DMC, which provides information on matters such as bucket-fixing activities and warnings and errors.

So the master node dashboard just provides a limited overview of DMC, as DMC is a rich source of information about the complete Splunk Enterprise deployment. You can refer to the document below for more information.
https://docs.splunk.com/Documentation/Splunk/7.2.0/DMC/WhatcanDMCdo

Hope this answers your question 🙂


0 Karma

Re: Is there a way to know if Splunk is operating 90% of the time ?

New Member

Thank you!!!
The link you provided me with the query didn't work for me. Is there any other easy way to check if Splunk is monitoring all the time? Again, thank you!

0 Karma

Re: Is there a way to know if Splunk is operating 90% of the time ?

Communicator

| rest splunk_server=local /services/search/distributed/peers
| rename title as peerURI
| join type=outer peerURI [| rest splunk_server=local /services/server/info | eval peerURI = "localhost" | eval status = "Up"]
| eval status = if(status == "Up", status, "Unreachable")
| eval OS = os_name
| eval ram = round(physicalMemoryMB / 1024, 2)." GB"
| fields host, server_roles, OS, numberOfCores, ram, version, status
| sort status, host
| rename host as Instance, server_roles as Role, numberOfCores as "Cores", ram as RAM, version as Version, status as Status

This query is working fine for me.
What issues are you facing while running the above query?
Did you run this in DMC?

0 Karma

Re: Is there a way to know if Splunk is operating 90% of the time ?

New Member

Yes, I tried it on DMC. This is the error I'm getting:
REST Processor: Failed to fetch REST endpoint uri=https://127.0.0.1:8089/services/search/distributed/peers?count=0 from server https://127.0.0.1:8089. Check that the URI path provided exists in the REST API

0 Karma
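
For the "90% of the time" part of the question, one option is to poll the /services/server/info endpoint used in the query above on the management port (8089) from outside Splunk and compute availability from the recorded HTTP status codes. The following is an added example, not code from any poster in this thread or from Splunk; the poll-log format, the one-minute slot size and the function names are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample poll log: "<UTC timestamp> <HTTP status>" per poll of
# https://<host>:8089/services/server/info (assumed poller, e.g. a cron job).
# 000 is what curl's %{http_code} reports when no response was received.
SAMPLE_LOG = """\
2024-01-01T00:00:05Z 200
2024-01-01T00:01:04Z 200
2024-01-01T00:02:06Z 000
2024-01-01T00:03:05Z 503
2024-01-01T00:05:05Z 200
2024-01-01T00:06:05Z 200
2024-01-01T00:07:05Z 200
2024-01-01T00:08:05Z 200
2024-01-01T00:09:05Z 200
"""

def parse_polls(text):
    """Return a list of (datetime, status_code) tuples from the poll log."""
    polls = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        stamp, code = line.split()
        when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
        polls.append((when.replace(tzinfo=timezone.utc), int(code)))
    return polls

def availability(polls, start, end, slot=timedelta(minutes=1)):
    """Fraction of slots in [start, end) with at least one HTTP 200 poll.

    A slot with a failed poll, or with no poll at all (the poller itself
    was down), counts as unavailable, so gaps never inflate the figure.
    """
    total = int((end - start) / slot)
    if total <= 0:
        raise ValueError("window shorter than one slot")
    up = set()
    for when, code in polls:
        if start <= when < end and code == 200:
            up.add(int((when - start) / slot))
    return len(up) / total

def meets_target(polls, start, end, target=0.90):
    """True if measured availability reaches the target (90% by default)."""
    return availability(polls, start, end) >= target
```

On the constructed sample, 7 of the 10 one-minute slots have a successful poll, so the 90% target is not met.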