Getting Data In

Monitor to check whether logging (receiving) is working or not

basilboon
New Member

Hi Splunk Team,

First of all, you've got a great app! Thanks for that!

My master Splunk has been set up correctly and forwards logs to another active Splunk. Yesterday, when I checked, log receiving had stopped because of disk space on the server. It got fixed after increasing the disk space.

Now the thing is, we are trying to set up a monitor using our tool (Icinga) just to check whether log receiving is up to date.

Is there any command to show whether the logs are up to date?

Let me know if you need more information.

Regards,
Basil

0 Karma

sdaniels
Splunk Employee

Check out this previous Splunkbase answer. You can create an alert based on that search. You'll just need to adjust the time to be 'age > somenumber' in seconds. The example below checks whether there are any hosts that haven't sent events in the last two days. If the search comes up empty, you are OK. If you get values, you can alert on them to let you know which hosts might be having issues sending data to Splunk.

http://splunk-base.splunk.com/answers/3181/how-do-i-alert-when-a-host-stops-sending-data

| metadata index=main type=hosts | eval age = now()-lastTime | where age > (2*86400) | sort age d | convert ctime(lastTime) | fields age,host,lastTime

0 Karma

basilboon
New Member

Hi Daniels,

Thanks for your reply.

The exact thing I want is to write a shell script (bash) to monitor whether logging is working properly. The script will run every five minutes, get the data (somehow via shell) and send a mail to a distribution list only if logging has not been working for the past hour or so.

I just want to know if there are any commands to identify this from the back end (server console).

Regards,
Basil

0 Karma
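As an added example, not code from this thread or from Splunk, here is a POSIX shell script that ties the two halves together: it runs a `| metadata type=hosts` search like the one in the answer above through the splunk CLI, keeps only hosts whose lastTime is older than a threshold (one hour, as asked, rather than two days), and mails the list, exiting non-zero so a cron or Icinga check can pick it up. The SPLUNK_HOME path, the monitoring credentials, the recipient address and the `-output csv` / `-auth` CLI flags are assumptions to check against your installation, and the CSV sample is constructed. Two caveats a practitioner should keep in mind: `| metadata` only lists hosts that have ever sent to that index, so a host that never reported will not appear at all, and lastTime is the newest event timestamp seen, not the time it was indexed, so a host sending future-dated events will look healthy.

```sh
#!/bin/sh
# Added example, not code from the thread or from Splunk. Paths, flags and
# credentials below are assumptions; check them against your installation.
set -eu

# Alert when a host has sent nothing for longer than this many seconds.
THRESHOLD_SECS="${THRESHOLD_SECS:-3600}"

# stale_hosts NOW THRESHOLD   (CSV with host,lastTime columns on stdin)
# Prints "host age_in_seconds" for every host whose last event is older
# than THRESHOLD as of NOW (both epoch seconds). Column order in the CSV
# does not matter: the header row is used to locate the columns.
stale_hosts() {
  now="$1"
  thr="$2"
  awk -F, -v now="$now" -v thr="$thr" '
    { sub(/\r$/, ""); gsub(/"/, "") }              # strip CRLF and CSV quoting
    NR == 1 { for (i = 1; i <= NF; i++) col[$i] = i; next }
    NF < 2  { next }                               # skip blank or short lines
    {
      host = $(col["host"]); last = $(col["lastTime"])
      age = now - last
      if (age > thr) printf "%s %d\n", host, age
    }'
}

# Constructed sample of what the metadata search returns (lastTime is epoch).
SAMPLE_CSV='host,lastTime
web01,1700000000
web02,1699990000
db01,1699900000'

# Runs stale_hosts over the sample with now=1700000600 and a 1 h threshold:
# web01 is 600 s old (fresh), web02 is 10600 s old, db01 is 100600 s old.
run_sample() {
  printf '%s\n' "$SAMPLE_CSV" | stale_hosts 1700000600 3600
}

# Real check: query Splunk via the CLI, mail the stale list, return 1 if any,
# 2 if the CLI or the search itself failed (so "no output" is never mistaken
# for "all healthy"). Assumed: SPLUNK_HOME, a dedicated read-only monitoring
# user in SPLUNK_AUTH (do not hardcode admin credentials), and that
# `splunk search ... -output csv -auth user:pass` works on your version.
check_and_mail() {
  splunk_bin="${SPLUNK_HOME:-/opt/splunk}/bin/splunk"
  [ -x "$splunk_bin" ] || { echo "splunk CLI not found at $splunk_bin" >&2; return 2; }
  csv=$("$splunk_bin" search \
      '| metadata type=hosts index=main | fields host lastTime' \
      -output csv -auth "${SPLUNK_AUTH:-monitor:changeme}") \
    || { echo "splunk search failed" >&2; return 2; }
  report=$(printf '%s\n' "$csv" | stale_hosts "$(date +%s)" "$THRESHOLD_SECS")
  if [ -n "$report" ]; then
    printf 'Hosts with no events for more than %s s (host age):\n%s\n' \
      "$THRESHOLD_SECS" "$report" \
      | mail -s "Splunk ingestion stalled" "${ALERT_TO:-ops@example.com}"
    return 1
  fi
  return 0
}

# From cron every 5 minutes: check_ingest.sh --check   (--sample runs offline)
case "${1:-}" in
  --sample) run_sample ;;
  --check)  check_and_mail ;;
esac
```

Wire `--check` into cron or as an Icinga plugin; the exit code (0 healthy, 1 stale hosts, 2 could not query) maps onto an OK/CRITICAL/UNKNOWN style result without parsing the mail. Give the monitoring user only the search capability on the indexes it needs, and if you want alerts generated inside Splunk instead, the same `age > 3600` condition on the search in the answer above works as a scheduled saved search.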