Monitoring Splunk
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Setting up Alerts for basic things like Disk Space for windows/Unix servers

pc591f
Explorer
‎05-29-2024 05:28 AM

I'm very new to this and found we do not have any alerts setup for basic things like Disk space on drives etc, I've done some basic courses but I don't know what to put after Host= to capture all drives on both windows and Unix

  • Application Crashes.
  • System or Service Failures.
  • Windows Update Errors.
  • Windows Firewall.
  • Clearing Event Logs.
  • Software and Service Installation.
  • Account Usage Kernel Driver Signing.
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎05-29-2024 06:01 AM

hi @pc591f ,

at first see in documentation how to get data in from forwarders (https://docs.splunk.com/Documentation/Splunk/9.2.1/Data/Usingforwardingagents)

then install on Forwarders one of these apps: Splunk TA for Windows (https://splunkbase.splunk.com/app/742) or Splunk TA for nix (https://splunkbase.splunk.com/app/833), remembering to enable inputs that by default are disabled.

Having those logs, youcan create your own searches.

The most difficoult is to know what to search, but this isn't a Splunk knowledge.

To understand how to create the search, you can follow the Splunk Search Tutorial  (https://docs.splunk.com/Documentation/SplunkCloud/8.1.0/SearchTutorial/WelcometotheSearchTutorial).

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎05-29-2024 06:01 AM

hi @pc591f ,

at first see in documentation how to get data in from forwarders (https://docs.splunk.com/Documentation/Splunk/9.2.1/Data/Usingforwardingagents)

then install on Forwarders one of these apps: Splunk TA for Windows (https://splunkbase.splunk.com/app/742) or Splunk TA for nix (https://splunkbase.splunk.com/app/833), remembering to enable inputs that by default are disabled.

Having those logs, youcan create your own searches.

The most difficoult is to know what to search, but this isn't a Splunk knowledge.

To understand how to create the search, you can follow the Splunk Search Tutorial  (https://docs.splunk.com/Documentation/SplunkCloud/8.1.0/SearchTutorial/WelcometotheSearchTutorial).

Ciao.

Giuseppe

Reply
Solved! Jump to solution

pc591f
Explorer
‎05-29-2024 06:14 AM

Hi Gcusello

Thanks for the information, Forwarders are installed on all servers currently, its just setting up the searches are my colleague is away for the week and i just trying to set up some basic alerts, thanks for your advice 

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎05-29-2024 06:15 AM

Hi @pc591f,

check if the add-ons I mentioned are installed and if the inputs that takes the information you need are enabled.

If yes, you have only to create your searches.

if not, you haven't the information for your Use Cases.

Ciao.

Giuseppe

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...

Keep the Learning Going with the New Best of .conf Hub

Hello Splunkers, With .conf26 getting closer, there’s already a lot of excitement building around this year’s ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...