Splunk Enterprise Security

How do I configure alerts for devices not reporting information to Splunk?

New Member

I was wondering how to implement some kind of alert inside Splunk to identify those devices that have stopped sending remote syslogs to Splunk platform.

I will have a more proactive alert than the one I have at this moment. I am checking, for example, every 24 hours that no alert was sent by the device. But my question is, is there is any solution, like hearbeat or Keep-alive solution, for checking to see if I have problems with communication between the device originating the log and the Splunk infrastructure? I will appreciate any idea on how to implement a solution for this problem.

Thanks a lot!

0 Karma

0 Karma
Get Updates on the Splunk Community!

Security Highlights: September 2022 Newsletter

 September 2022 The Splunk App for Fraud Analytics (SFA) is now Splunk SupportedUse your existing Splunk ...

Platform Highlights | September 2022 Newsletter

 September 2022 What’s New in 9.0 and How to UpgradeGet a walk through of what is new Splunk Enterprise 9.0 ...

Observability Highlights | September 2022 Newsletter

 September 2022 Splunk Observability SuiteAccess to "Classic" SignalFx Interface Will be Removed on Sept 30, ...