How do I create alert for load balancing on hosts

shashank_24 · ‎06-29-2020

Hi, I want to create an alert to check the traffic on my tomcat servers and triggers it based on the count or percentage. I have this simple query which gives me the idea that around 1 PM the load on server 4 (red line )was significantly reduced and then it went to zero in next couple of hours. Please find the image attached.

How can i set up an alert which should trigger if this type of condition occurs.

index="myindex" sourcetype=access_combined_wcookie 
| timechart span=1h count by host

Let me know if someone can advice, It will be a great help.

anilchaithu · ‎06-29-2020

@shashank_24

add where command to SPL to filter out the threshold value.

index="myindex" sourcetype=access_combined_wcookie 
| timechart span=1h count by host 
| where count > (your threshold value)

run the search to validate the results and saveas -> alert. You should give name, schedule time etc to save the alert

shashank_24 · ‎06-29-2020

@anilchaithu Not really. So I don't have any threshold value. What I am looking for is I have 4 servers who behaves as per load balancing. So if the load balancing doesn't work OR if there is any problem with one server (server 4 red line) then the traffic gets redirected to other servers.

I want to trigger an alert based on that. There is no threshold value. The condition should be when once server starts receiving less traffic compared to others.

How do I create alert for load balancing on hosts

using Splunk Enterprise

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

Improve Data Pipelines Using Splunk Data Management

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?