Splunk Search

check server is up or not

manjuase
Explorer

I have a lookup with the details of server and I want to check whether that servers are up or not. if not i have to send an email.

In my case pingstatus app is not working so i want some other methods which is not using ping command.

Thanks in advance

Tags (1)

gcusello
SplunkTrust
SplunkTrust

Hi manjuase,
do you want to monitor up or down server status or specified services?
Because if you want to check server status, you could use Splunk internal logs (index=_internal host=your_host).
If instead you want to test specified services, you should use a script based on ps command (if linux) or Windows processes and check active processes comparing them with a processes lookup.
To find scripts see TA_Linux or TA_Windows.
Bye.
Giuseppe

0 Karma

manjuase
Explorer

Hi cusello ,

Thanks for your reply..I want to check the server status only..

So you are saying that in "_Internal" index if am not seeing the server for which i want to check the status..then that server is down..right ?

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi manjuase,
I imagine that you have a Universal Forwarder installed and running on your server.
This means that Splunk UF is sending its logs to a Splunk Enterprise instance.
Using that search you can monitor if server is up or not and eventually send an alert (really you're testing Splunk Forwarder status, but UF is running on server!).

Bye.
Giuseppe

0 Karma

manjuase
Explorer

Hi cusello,

Yeah i agree with your point ...from the internal index we can say if UF is running or not.. In case if server is running and UF is not running , we can't find that server in _internal index right?..So here we can't say server is down..here UF is down..

I want to check the status of server not the status of UF.

Do you have any idea on this ?

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi manjuase,
Yes but if your UF is down you lose every chance to monitor your server, so if server is up and UF is down I think it's a problem to immediately solve!
I suggest to use this way.
Anyway, you could test active processes on your server using a script based on linux ps command (see TA_Linux), but UF must be running so it's the previous case.

Bye.
Giuseppe.

0 Karma
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...