Solved: Re: How to generate a search to find out hosts in ...

kteng2024 · ‎01-25-2017

Can i please know the search to find out the hosts in Splunkd that have restarted or has " splunkd started Conf mutator lockfile has disappeared error " in splunkd_stderr.log on forwarder?

hunters_splunk · ‎01-26-2017

Hi kteng2024,

Here are a couple of searches that may help you:

When did Splunk last crash?

index=_internal sourcetype=splunkd_crash_log | stats count by host

All Splunk restarts based on loader

index=_internal sourcetype=splunkd loader message=*xml

Hope this helps. Thanks!
Hunter

View solution in original post

aaraneta_splunk · ‎02-11-2017

@kteng2024 - Did the answer provided by hunters help provide a working solution to your question? If yes, please don't forget to resolve this post by clicking "Accept". If no, please leave a comment with more feedback. Thanks!

hunters_splunk · ‎01-26-2017

Hi kteng2024,

Here are a couple of searches that may help you:

When did Splunk last crash?

index=_internal sourcetype=splunkd_crash_log | stats count by host

All Splunk restarts based on loader

index=_internal sourcetype=splunkd loader message=*xml

Hope this helps. Thanks!
Hunter

How to generate a search to find out hosts in Splunkd that have restarted?

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

Video | Tom’s Smartness Journey Continues

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?