Monitoring Splunk
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

In Splunk Enterprise 7.2, Can you help me clear the Splunkd Health Report feature?

AzJimbo
Path Finder
‎10-27-2018 12:57 AM

I love this feature in 7.2. The icon up front helped me find and fix a serious ingest issue I was otherwise blissfully unaware of. But, I found the only way to clear the health alert (get the icon to change back to green) was to restart splunkd. Did I miss something in the documentation? Is there an easier way to get the menu icon back to green after an issue is fixed?

Reply

bsherwoodofdapt
Explorer
‎06-27-2019 08:58 AM

I now have this problem too.

The feature alerted me that I was running out of disk space. I solved that problem. But the alert persists, showing the last test was two days ago, when I noticed it and solved it. I now have tens of gigabytes of free space.

So, it looks like when it trips, it stops checking altogether. It should still continue to test and clear the alert when the condition no longer triggers. At a minimum, there should be a button that forces a retest.

This should be a core feature of the platform without forcing you to add in extra applications to manage it.

0 Karma
Reply

MuS
Legend
‎10-30-2018 12:30 PM

Hi AzJimbo,

you can hit the /debug/refresh endpoint to do an _reload of the admin/health-report-config endpoint, but be aware that using /debug/refresh on an instance that receives data will result in data loss because it will forcefully restart admin/cooked.

If you want to prevent this from happen, use this app https://splunkbase.splunk.com/app/1871/ which by default excludes this endpoint. It also allows you to reload only one specific endpoint instead of all.

Hope this helps ...

cheers, MuS

0 Karma
Reply

jawaharas
Motivator
‎09-30-2019 06:10 PM

Thanks. Can't we use below one?

https://<splunk-base-url>/en-GB/debug/refresh?entity=admin/health-report-config
0 Karma
Reply

lakromani
Builder
‎10-30-2018 12:36 AM

In my distributed environment, it goes to green by itself. If I do restart some of the indexer, it change yo yellow, then back to green when all are up.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...