Splunk only knows what your logs tell it. Please don't make the mistake of thinking Splunk is a monitoring system, its not. If your application logs some kind of damage pattern when it fails, use that. Unfortunately this question is too broad to answer in every case as applications and outage tolerance varies in every environment.
Your application engineers should be able to tell you what an outage pattern looks like, then craft your searches/alerts to look for that.
... View more