Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

overall splunk monitoring

andersmholmgren
Explorer
‎01-31-2012 05:54 PM

What is needed to monitor that splunk is running properly.

There is the Deployment Monitor App (http://splunk-base.splunk.com/apps/22301/splunk-deployment-monitor) as well as the SoS app (http://splunk-base.splunk.com/apps/29008/sos-splunk-on-splunk), but is that all that is needed?

Isn't there some kind of monitoring outside of splunk that is needed - e.g. monitoring that splunk processes (splunkd, splunkweb) are running? Any pointers around an overall monitoring strategy?

Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

MuS
SplunkTrust
SplunkTrust
‎02-01-2012 12:03 AM

Hi andersmholmgren

like any other IT system/server Splunk as well needs basic monitoring from the outside. a good start is for sure to monitor the two processes mentioned by you, but also keep in mind that there could be much more involved like SAN, NFS, network and so on.

hope this helps

cheers

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

MuS
SplunkTrust
SplunkTrust
‎02-01-2012 12:03 AM

Hi andersmholmgren

like any other IT system/server Splunk as well needs basic monitoring from the outside. a good start is for sure to monitor the two processes mentioned by you, but also keep in mind that there could be much more involved like SAN, NFS, network and so on.

hope this helps

cheers

0 Karma
Reply
Solved! Jump to solution

MuS
SplunkTrust
SplunkTrust
‎02-02-2012 12:54 AM

Hi andersmholmgren

the most important process is the one you get with 'splunk status' listed as first, this is the main splunkd:

splunkd is running (PID: xxxxx).
splunk helpers are running (PIDs: xxxxx xxxxx).
splunkweb is running (PID: xxxxx).

other splunkd's are helpers and searches which makes no sense to monitor those - because as you said they come and go 😉

0 Karma
Reply
Solved! Jump to solution

shivang14
New Member
‎05-25-2016 06:33 AM

Hi Mus,
How can we monitor the SBOX hosting Splunk environment ?
Can Splunk monitor its own OS and Hardware on which it is hosted ?
What is the best practivce to monitor SBOX ?
Regards
Shivang Kanoujia

0 Karma
Reply
Solved! Jump to solution

andersmholmgren
Explorer
‎02-01-2012 10:12 PM

Thanks MuS

Do you know of a good reference for the processes to monitor and their lifecycles?

I've noticed that splunkd instances seem to come and go if I'm not mistaken.

0 Karma
Reply
Solved! Jump to solution

shivang14
New Member
‎05-25-2016 06:26 AM

Hi Mus,
How can we monitor the SBOX hosting Splunk environment ?
Can Splunk monitor its own OS and Hardware on which it is hosted ?
What is the best practivce to monitor SBOX ?
Regards
Shivang Kanoujia

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...