Re: How do I create alert for load balancing on ho...

shashank_24 · ‎06-29-2020

Hi, I want to create an alert to check the traffic on my tomcat servers and triggers it based on the count or percentage. I have this simple query which gives me the idea that around 1 PM the load on server 4 (red line )was significantly reduced and then it went to zero in next couple of hours. Please find the image attached.

How can i set up an alert which should trigger if this type of condition occurs.

index="myindex" sourcetype=access_combined_wcookie 
| timechart span=1h count by host

Let me know if someone can advice, It will be a great help.

anilchaithu · ‎06-29-2020

@shashank_24

add where command to SPL to filter out the threshold value.

index="myindex" sourcetype=access_combined_wcookie 
| timechart span=1h count by host 
| where count > (your threshold value)

run the search to validate the results and saveas -> alert. You should give name, schedule time etc to save the alert

shashank_24 · ‎06-29-2020

@anilchaithu Not really. So I don't have any threshold value. What I am looking for is I have 4 servers who behaves as per load balancing. So if the load balancing doesn't work OR if there is any problem with one server (server 4 red line) then the traffic gets redirected to other servers.

I want to trigger an alert based on that. There is no threshold value. The condition should be when once server starts receiving less traffic compared to others.

How do I create alert for load balancing on hosts

using Splunk Enterprise

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms

Updated Team Landing Page in Splunk Observability