What is the best way to do Ping monitor for Windows and Linux servers?

ansif
Motivator

What is the best way to do ping monitor for 4k servers including Linux and Windows servers?

0 Karma

daniel_wilson32
New Member

This is good discussion.

0 Karma

ansif
Motivator

Most customers demand a report on server availability.
We do the following things:

  1. A PowerShell script which executes on a server, takes IP addresses from a text file and indexes the result to Splunk. (In case of more servers, this script is not efficient.)
  2. Use the deployment server to check if any of the clients are not reporting within the time. (This method only ensures the connection between the deployment server and end devices; sometimes the device is up but not connected/synced with the DS.)
  3. Use system uptime.

Is there any other method people use? Please suggest.

0 Karma

mperry_splunk
Splunk Employee

As said above... if you're simply trying to see if a UF is up and communicating, here is a quick query to see how long it's been since a UF has communicated with Splunk.

| metadata type=hosts index=_internal | eval min_last_comm = now()-recentTime | eval min_last_comm = round(min_last_comm / 60) | eval _time=now() | fields _time, host, min_last_comm

0 Karma

nickhills
Ultra Champion

If you have forwarders installed on all your endpoints, the options are almost endless, but it depends exactly 'what' you are trying to monitor.

If you just want to see which machines are online and connected to Splunk, you can use the metadata command to quickly produce a list of systems which have communicated in the last x minutes.

| metadata type=hosts index=_*

By specifying index=_* it checks the internal logs (rather than your monitored data sources).

If you are looking to verify that the hosts have network connectivity to/from a specific location (you know they have net-access to Splunk because otherwise there wouldn't be any logs) you can write a simple script which executes ping from each host and indexes the results.

If you are looking to more accurately track, and report on network performance, you should use the metrics store to collect metric and performance data from each host, and build your own charts with the metrics workspace.
https://splunkbase.splunk.com/app/4192/

If you want the most powerful insight into your networking/host and performance data, take a look at Splunk ITSI.
https://www.splunk.com/en_us/software/it-service-intelligence.html

If my comment helps, please give it a thumbs up!
0 Karma
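
The "simple script which executes ping from each host and indexes the results" suggested in the reply above could look like this on the Linux side. This is an added example, not code from the thread or from Splunk; the file name ping_check.sh, the PING_TARGETS variable, the target addresses, the ping_check sourcetype and the event field names are assumptions, and Windows hosts would need an equivalent script.

```shell
#!/bin/sh
# Scripted input for a Universal Forwarder on Linux (added example).
# Assumed name ping_check.sh, scheduled from the app's inputs.conf:
#   [script://./bin/ping_check.sh]
#   interval = 60
#   sourcetype = ping_check
# Splunk indexes each line the script writes to stdout.

# Assumed targets (documentation range); override with PING_TARGETS.
TARGETS="${PING_TARGETS:-192.0.2.1 192.0.2.53}"

# Constructed sample of an iputils ping summary, for offline use:
#   printf '%s\n' "$SAMPLE_OUTPUT" | parse_ping 192.0.2.1
SAMPLE_OUTPUT='3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.401/0.420/0.447/0.019 ms'

# parse_ping TARGET: read ping output on stdin, print one key=value event.
# No summary at all (DNS failure, ping missing) counts as 100% loss.
parse_ping() {
    awk -v target="$1" '
        / packet loss/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /%$/) { loss = $i; sub(/%/, "", loss) }
        }
        /^(rtt|round-trip) / {
            split($0, halves, " = ")    # "min/avg/max/mdev" = "a/b/c/d ms"
            split(halves[2], rtt, "/")
            avg = rtt[2]
        }
        END {
            if (loss == "") loss = 100
            status = (loss + 0 < 100) ? "up" : "down"
            printf "target=%s status=%s loss_pct=%s", target, status, loss
            if (avg != "") printf " avg_ms=%s", avg
            printf "\n"
        }'
}

# check_all: 3 echo requests per target, 2 s wait for each reply.
check_all() {
    for t in $TARGETS; do
        ping -c 3 -W 2 "$t" 2>/dev/null | parse_ping "$t"
    done
}

# Ping only when run under the assumed file name, not when sourced.
case "$0" in *ping_check.sh) check_all ;; esac
```

Because each event is plain key=value text, a search such as `sourcetype=ping_check status=down` lists the unreachable targets together with the host that reported them.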

ansif
Motivator

I have the Splunk Universal Forwarder installed on all servers. Which parameter do I need to use for ping monitoring for both Windows and Unix?

0 Karma