- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Is there a way to notify if any splunk components were restarted. For Example-Deployment servers, Search heads etc.. were restarted and an user needs to be notified. Thanks in advance.
Regards,
Sunith
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content

If I understood you question properly, do you want to know when the splunk service(splunkd) is restarted? If so this information is under _audit log
run this query : index=_audit action=restart_splunkd
you can create an alert to be notified when this happen.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Ivan,
Thanks for your prompt reply. Yes this answers my query.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content

If I understood you question properly, do you want to know when the splunk service(splunkd) is restarted? If so this information is under _audit log
run this query : index=_audit action=restart_splunkd
you can create an alert to be notified when this happen.
