- Splunk Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- Splunk Server
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
If my Splunk is installed on an server & the server is down how will i tackle this problem in real time.
Any help is Appreciated,
Cheers.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
can you be a little bit more detailed, please? which server are you using? when is the server going down? What does mean the server is going down?
br
Matthias
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It depends. Obviously no data will be indexed while the server is down. Splunk Universal Forwarders can buffer events for a time until the server is back up. Other applications that send events to Splunk may or may not buffer events. Some Splunk apps (like DB Connect) should pick up where they left off, however others may not.
If this reply helps you, Karma would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
can you be a little bit more detailed, please? which server are you using? when is the server going down? What does mean the server is going down?
br
Matthias
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
from their you can start then to create reports + alerts. so in case similar error messages or behavior occurs (more/less events, streamstats, stats, eval statements!) you want to get a notification.
however - IIS does not crash because there is the default default website of microsoft. IIS crashes because the application or website on it has some issues - so that is the good way why with splunk you're flexible to create such a monitoring instead as no vendor will now your IIS application 😉
br
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
you have installed a Splunk Forwarder on your IIS Server and you're collecting from IIS Logs. And you want to detect in advance in case your ISS is going down or stops to work based on the machine data.
so there are different ways and that is a learning curve in your environment. potentially you have for this already historical record of data.
First: Collect all the data
Secondly: Investigate and review
--> That is what you're asking. Review the activity from the last outages and see what was in the log. is there something which indicates this outage? Maybe different error messages?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I meant,my Splunk is installed on IIS Server is there a way by using Alerting/monitoring that i can get to know the server is down such as can it send any message before it is down.
Routing logs with Splunk OTel Collector for Kubernetes
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
