Monitoring Splunk

How do I check to see if all my Indexers are healthy & universal & heavy forwarders are healthy & reporting in?

SamHTexas
Builder

How do I check to see if all my Indexers are healthy & universal & heavy forwarders are healthy & reporting in?

Labels (1)
Tags (1)
0 Karma
1 Solution

scelikok
SplunkTrust
SplunkTrust

Since this is only alerting/reporting application using mostly _internal logs. Any search head would be fine or you can install it only on your Monitoring Console instance.

Since ES has its own datamodels, you need to install on ES to access datamodel definitions.

There are a few Cluster Master searches that runs via REST calls, that is why it will be install there too. 

If this reply helps you an upvote and "Accept as Solution" is appreciated.

View solution in original post

0 Karma

scelikok
SplunkTrust
SplunkTrust

There is no need to install indexers. You should install it on any search head, and Cluster Master and ES for datamodel specific alerts. 

You can find more detail on Installation part of the details page;

https://splunkbase.splunk.com/app/3796/#/details 

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma

SamHTexas
Builder

One last question please. So If I have 3 Search heads I install it on each SH ? In addition to install it on CM & ES ? Thank u in advance. Stay blessed & safe.

0 Karma

scelikok
SplunkTrust
SplunkTrust

Since this is only alerting/reporting application using mostly _internal logs. Any search head would be fine or you can install it only on your Monitoring Console instance.

Since ES has its own datamodels, you need to install on ES to access datamodel definitions.

There are a few Cluster Master searches that runs via REST calls, that is why it will be install there too. 

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma

scelikok
SplunkTrust
SplunkTrust

Hi @SamHTexas,

You can check Alerts for Splunk Admin app (https://splunkbase.splunk.com/app/3796/).

It has lots of alerts categorized by indexers, forwarders, search heads etc. 

You can schedule the relevant ones to your infrastructure. 

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma

SamHTexas
Builder

Thank you for your message. Where is best to install this app. ? On any search head? Indexer? ES? I will wait for your reply & Thx

Tags (1)
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...