Monitoring Splunk
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is there a keep alive check for Splunkd in a load balancer environment?

Ant1D
Motivator
‎06-10-2013 04:41 AM

Hey,

How can we configure a load balancer to check that splunkd is running on a server before the load balancer forwards data to that server?
I am aware of different types of keepalive probes that load balancers can use (e.g. ICMP, TCP, UDP, HTTP) and it would be good to know how other Splunk users have approached this.

I am aware that Forwarders handle load balancing but Forwarders will not be used in this instance.

Thanks in advance for your help.

0 Karma
Reply

MuS
SplunkTrust
SplunkTrust
‎02-28-2019 06:03 PM

Greetings from the future,

there is an app https://splunkbase.splunk.com/app/4395/ now that provides a REST API endpoint that the load balancer can check without authentication and without the need to enable the debug endpoints in web.conf.
It provides also an option to take the Splunk instance out of the load balancer group (the load balancer must support such a thing).

Hope this helps ...

cheers, MuS

0 Karma
Reply

Ant1D
Motivator
‎06-13-2013 04:21 AM

Thanks for your feedback. I should have specified above that we would like to do this without using Splunk forwarders.

0 Karma
Reply

bmacias84
Champion
‎06-10-2013 08:38 AM

I would uses Splunks AutoLoadBalancing on the forwarder with Indexer acknowledgement. This way you minimize data lose. Splunk Forwarders will place none responsive servers into quarantine untill next interval.

0 Karma
Reply

ShaneNewman
Motivator
‎06-10-2013 06:09 AM

We use a powershell script to run on all of our Windows Splunk servers to do this, although the load balancing we leave up the the universal forwarders and heavy forwarders. The concept is simple enough, we check the status of the service to make sure it is up every 60 seconds. If we find the service is not running, the powershell script starts the service. The results of each run is written to a log we created on each individual server - monitored by UNC by a separate server. Those servers have a separate search running, looking for the absence of data for longer than 3 minutes, signifying the server may be down.

Hope that helps.

0 Karma
Reply

Ant1D
Motivator
‎06-13-2013 04:34 AM

Thanks for the input

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI! Discover how Splunk’s agentic AI ...

[Puzzles] Solve, Learn, Repeat: Dereferencing XML to Fixed-length events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...