Monitoring Splunk
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Alert

uagraw01
Motivator
‎12-28-2020 04:57 AM

Hello Members,

I need some suggestions and help. As per my screenshot we can see my events is skipped from 7:17 pm to 8:17 pm. So because of that user complaint for not getting any alerts during that period. Please suggest me how can i further troubleshoot this issue and find out the reason.

IMG_20201228_182151__01.jpg

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-28-2020 06:00 AM

Verify Splunk was running at the time.

Check the Monitoring Console for skipped searches around 8:17.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

uagraw01
Motivator
‎12-28-2020 07:43 AM

@richgalloway Our application is on Heavy forwarder. And i can see skipped event on HF as showned below and we are using splunk cloud. So please suggest me how can verify exactly with the event .

 

And how can i maintain my infrastructure HF. If any documents please share with me. Because i need to create an alert when the event count is less in HF then that alert will trigger.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-28-2020 02:03 PM

There is nothing "shown below".

If you're seeing skipped searches then you need to find the cause of the skips and remedy it.  Most often the cause is too many searches trying to run at the same time.  Changes the schedules of your saved searches and alerts so you don't have too many running at once.

Heavy forwarders should not be running searches at all.  They should be running on your cloud or hybrid search head.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Unlock Database Monitoring with Splunk Observability Cloud

  In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

At Cisco, purpose isn’t a tagline—it’s a commitment. Cisco’s FY25 Purpose Report outlines how the company is ...

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join us for a live Demo Day at the Cisco Store on January 21st 10:00am - 11:00am PST In the fast-paced world ...