check server is up or not

manjuase
Explorer

I have a lookup with the details of servers and I want to check whether those servers are up or not. If not, I have to send an email.

In my case the pingstatus app is not working, so I want some other method which does not use the ping command.

Thanks in advance

gcusello
SplunkTrust

Hi manjuase,
Do you want to monitor up or down server status or specified services?
Because if you want to check server status, you could use Splunk internal logs (index=_internal host=your_host).
If instead you want to test specified services, you should use a script based on the ps command (if Linux) or Windows processes and check active processes, comparing them with a processes lookup.
To find scripts, see TA_Linux or TA_Windows.
Bye.
Giuseppe

0 Karma

manjuase
Explorer

Hi cusello,

Thanks for your reply. I want to check the server status only.

So you are saying that if I am not seeing the server for which I want to check the status in the "_internal" index, then that server is down, right?

0 Karma

gcusello
SplunkTrust

Hi manjuase,
I imagine that you have a Universal Forwarder installed and running on your server.
This means that the Splunk UF is sending its logs to a Splunk Enterprise instance.
Using that search you can monitor whether the server is up or not and eventually send an alert (really you're testing Splunk Forwarder status, but the UF is running on the server!).

Bye.
Giuseppe

0 Karma

manjuase
Explorer

Hi cusello,

Yeah, I agree with your point: from the internal index we can say if the UF is running or not. If the server is running and the UF is not running, we can't find that server in the _internal index, right? So here we can't say the server is down; here the UF is down.

I want to check the status of the server, not the status of the UF.

Do you have any idea on this?

0 Karma

gcusello
SplunkTrust

Hi manjuase,
Yes, but if your UF is down you lose every chance to monitor your server, so if the server is up and the UF is down I think it's a problem to solve immediately!
I suggest using this way.
Anyway, you could test active processes on your server using a script based on the Linux ps command (see TA_Linux), but the UF must be running, so it's the previous case.

Bye.
Giuseppe.

0 Karma
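
The _internal check discussed in this thread, written as one search over the server lookup; this is an added example, not a search posted by either participant. It assumes a lookup file named servers.csv with a host field (both names are assumptions), a 24-hour search window and a 15-minute silence threshold, and it returns only the listed servers whose forwarder has sent nothing to _internal within that threshold.

```spl
| tstats latest(_time) AS last_seen WHERE index=_internal earliest=-24h BY host
| eval host=lower(host)
| append
    [| inputlookup servers.csv
     | eval host=lower(host), expected=1
     | fields host expected]
| stats max(last_seen) AS last_seen, max(expected) AS expected BY host
| where expected=1 AND (isnull(last_seen) OR last_seen < relative_time(now(), "-15m"))
| eval minutes_silent=if(isnull(last_seen), null(), round((now() - last_seen) / 60))
| eval status=if(isnull(last_seen), "no _internal events in last 24h", "silent for " . minutes_silent . " min")
| eval last_seen=strftime(last_seen, "%F %T")
| table host status last_seen
```

Saved as a scheduled alert that triggers when the number of results is greater than zero, with the email action attached, this sends the notification asked for in the question. As the thread notes, a result means the forwarder has gone silent, which covers both a stopped UF and a server that is down.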