Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

What is the best way to do Ping monitor for Windows and Linux servers?

ansif
Motivator
‎03-08-2019 05:52 AM

Best way to do Ping monitor for Windows and Linux servers?

What is the best way to do ping monitor for 4k servers including Linux and Windows servers?

Tags (2)
0 Karma
Reply

daniel_wilson32
New Member
‎06-17-2019 10:08 AM

This is good discussion.

0 Karma
Reply

ansif
Motivator
‎06-27-2019 01:56 AM

Most of the customer demands a report for server Availability.
We perform following things:

  1. Powershell script which executes in a server,which take ip addresses from text file and index the result to Splunk.( If in case of more servers,this script is not efficient)
  2. Use deployment server to check if any of the clients are not reporting within the time (this method only ensure connection between Deployment server and end devices,sometimes the device is up but not connected/sync with DS)
  3. Use system up time.

Is there any other method people use? Please suggest.

0 Karma
Reply

mperry_splunk
Splunk Employee
Splunk Employee
‎03-27-2019 01:59 PM

As said above... if you're simply trying to see if a UF is up and communicating, here is a quick query to see how long it's been since a UF has communicated with Splunk.

| metadata type=hosts index=_internal | eval min_last_comm = now()-recentTime | eval min_last_comm = round(min_last_comm / 60) | eval _time=now() | fields _time, host, min_last_comm

0 Karma
Reply

nickhills
Ultra Champion
‎03-08-2019 06:32 AM

If you have forwarders installed on all your endpoints, the options are almost endless, but it depends exactly 'what' you are trying to monitor.

If you just want to see which machines are online and connected to Splunk, you can use the metadata command to quickly produce a list of systems which have communicated in the last x minutes.

| metadata type=hosts index=_*

By specifying index=_* it checks the internal logs (rather than your monitored data sources)

If you are looking to verify that the hosts have network connectivity to/from a specific location (you know they have net-access to Splunk because otherwise there wouldn't be any logs) you can write a simple script which executes ping from each host and indexes the results.

If you are looking to more accurately track, and report on network performance, you should use the metrics store to collect metric and performance data from each host, and build your own charts with the metrics workspace.
https://splunkbase.splunk.com/app/4192/

If you want the most powerful insight into your networking/host and performance data, take a look at Splunk ITSI
https://www.splunk.com/en_us/software/it-service-intelligence.html

If my comment helps, please give it a thumbs up!
0 Karma
Reply

ansif
Motivator
‎03-10-2019 10:09 PM

I have splunk universal forwarder installed on all servers. Which parameter I need to use for ping monitoring for both windows and unix?

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

🍂 Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...