Hi,
Is there a way to notify if any Splunk components were restarted? For example, deployment servers, search heads, etc. were restarted and a user needs to be notified. Thanks in advance.
Regards,
Sunith
If I understood your question properly, do you want to know when the Splunk service (splunkd) is restarted? If so, this information is under the _audit log.
Run this query: index=_audit action=restart_splunkd
You can create an alert to be notified when this happens.
Hello Ivan,
Thanks for your prompt reply. Yes, this answers my query.
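The alert suggested in the answer, written as a savedsearches.conf stanza. This is an added example, not part of the original posts. The stanza name, schedule and recipient address are placeholders, and it assumes the deployment servers and search heads forward their _audit events to the indexers this search runs against, since _audit is otherwise local to each instance.

```ini
# savedsearches.conf (constructed example; stanza name and recipient are placeholders)
[Splunkd restart detected]
# One result row per host that logged a restart in the search window
search = index=_audit action=restart_splunkd | stats count AS restarts latest(_time) AS last_restart BY host

# Run every 5 minutes over the previous 5 whole minutes
enableSched = 1
cron_schedule = */5 * * * *
dispatch.earliest_time = -5m@m
dispatch.latest_time = @m

# Trigger whenever the search returns at least one result
counttype = number of events
relation = greater than
quantity = 0

# Alert once per result (per host) and suppress repeats for the same host for 15 minutes
alert.digest_mode = 0
alert.suppress = 1
alert.suppress.fields = host
alert.suppress.period = 15m
alert.track = 1

# Notify by email; $result.host$ is filled in from the triggering result row
action.email = 1
action.email.to = splunk-admins@example.com
action.email.subject = Splunk restart on $result.host$
```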