Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to generate a search to find out hosts in Splunkd that have restarted?

kteng2024
Path Finder
‎01-25-2017 08:45 PM

Can i please know the search to find out the hosts in Splunkd that have restarted or has " splunkd started Conf mutator lockfile has disappeared error " in splunkd_stderr.log on forwarder?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

hunters_splunk
Splunk Employee
Splunk Employee
‎01-26-2017 12:10 AM

Hi kteng2024,

Here are a couple of searches that may help you:

When did Splunk last crash?

index=_internal sourcetype=splunkd_crash_log | stats count by host

All Splunk restarts based on loader

index=_internal sourcetype=splunkd loader message=*xml

Hope this helps. Thanks!
Hunter

View solution in original post

Reply
Solved! Jump to solution

aaraneta_splunk
Splunk Employee
Splunk Employee
‎02-11-2017 07:54 PM

@kteng2024 - Did the answer provided by hunters help provide a working solution to your question? If yes, please don't forget to resolve this post by clicking "Accept". If no, please leave a comment with more feedback. Thanks!

0 Karma
Reply
Solved! Jump to solution
Solution

hunters_splunk
Splunk Employee
Splunk Employee
‎01-26-2017 12:10 AM

Hi kteng2024,

Here are a couple of searches that may help you:

When did Splunk last crash?

index=_internal sourcetype=splunkd_crash_log | stats count by host

All Splunk restarts based on loader

index=_internal sourcetype=splunkd loader message=*xml

Hope this helps. Thanks!
Hunter

Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...