Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

What are the steps to perform as sanity checks after Splunk Indexer restart?

SudhaP54
Engager
‎12-23-2021 01:36 AM
 
Labels (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎12-23-2021 10:34 AM
In distributed environment you should have MC (monitoring console) set up. Then you can use it to see that everything is ok, it also give you a warning when any peer is down or there are any issues (previously defined in MC).
r. Ismo

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎12-23-2021 10:34 AM
In distributed environment you should have MC (monitoring console) set up. Then you can use it to see that everything is ok, it also give you a warning when any peer is down or there are any issues (previously defined in MC).
r. Ismo
0 Karma
Reply
Solved! Jump to solution

VatsalJagani
SplunkTrust
SplunkTrust
‎12-23-2021 04:54 AM

I would run some searches from the search head to make sure indexers are returning results.

Like -> index=* | dedup sourcetype, splunk_server | table sourcetype, splunk_server

Make sure the splunk_server field mentions all the indexers that you have.

Also, run search -> index=_internal -> in all-time real-time and check for the splunk_server field to make sure that all the indexers are ingesting the new data coming to Splunk as expected.

0 Karma
Reply
Get Updates on the Splunk Community!

OpenTelemetry for Legacy Apps? Yes, You Can!

This article is a follow-up to my previous article posted on the OpenTelemetry Blog, "Your Critical Legacy App ...

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

The Next-Gen Toolkit for Splunk Technology Add-on Development The Universal Configuration Console (UCC) ...

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...