How create reports to monitor web applications?

ThelmaJ · ‎07-13-2022

Hello,

I'm new working with Splunk and I want to create reports and email notification to me when any systems go down. Can any of you help me with any search string for that?

Thank you!

Thelma

VatsalJagani · ‎07-13-2022

@ThelmaJ - There could be multiple ways to do that.

One way is if you are monitoring log files from the web application then you can do something like the below:

index=<your-index> sourcetype=<web-logs-sourcetype>
| stats count by host
| append [| inputlookup list_of_web_server_host_names.csv | eval count=0]
| stats sum(count) as count by host
| where count=0

You can run this alert every 15 minutes or 1 hour depending on the requirement.

If the host did not send any logs then you can get an alert.

This is one of the way, but depending on what setup you have there could be lot of ways you can achieve the same.

I hope this helps!!!

ThelmaJ · ‎07-15-2022

Thank you!

Could you share another way to do that?

I appreciate your help.

Thank you,

Thelma

VatsalJagani · ‎07-17-2022

If you have a log that tells "Service is shutting down", then you can create an alert on that.

How create reports to monitor web applications?

using Splunk Cloud

Splunk Lantern | Getting Started with Edge Processor, Machine Learning Toolkit ...

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest