Splunk Enterprise
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do I create alert for load balancing on hosts

shashank_24
Path Finder
‎06-29-2020 02:55 AM

Hi, I want to create an alert to check the traffic on my tomcat servers and triggers it based on the count or percentage. I have this simple query which gives me the idea that around 1 PM the load on server 4 (red line )was significantly reduced and then it went to zero in next couple of hours. Please find the image attached.

How can i set up an alert which should trigger if this type of condition occurs.

 

index="myindex" sourcetype=access_combined_wcookie 
| timechart span=1h count by host

 

shashank_24_1-1593424219748.png

Let me know if someone can advice, It will be a great help.

Labels (1)
Labels
0 Karma
Reply

anilchaithu
Builder
‎06-29-2020 06:38 AM

@shashank_24 

add where command to SPL to filter out the threshold value.

index="myindex" sourcetype=access_combined_wcookie 
| timechart span=1h count by host 
| where count > (your threshold value)

run the search to validate the results and saveas -> alert. You should give name, schedule time etc to save the alert 

0 Karma
Reply

shashank_24
Path Finder
‎06-29-2020 07:05 AM

@anilchaithu Not really. So I don't have any threshold value. What I am looking for is I have 4 servers who behaves as per load balancing. So if the load balancing doesn't work OR if there is any problem with one server (server 4 red line) then the traffic gets redirected to other servers.

I want to trigger an alert based on that. There is no threshold value. The condition should be when once server starts receiving less traffic compared to others.

0 Karma
Reply
Get Updates on the Splunk Community!

Blueprints for High-Maturity Operations: Splunk Lantern Articles on SOAR, ES 8.4, ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...

Simplifying the Analyst Experience with Finding-based Detections

    Splunk invites you to an engaging Tech Talk focused on streamlining security operations with ...

[Puzzles] Solve, Learn, Repeat: Word Search

This challenge was first posted on Slack #puzzles channelThis puzzle is based on a letter grid containing ...