
How to generate a Splunk availability report

dhariniu
New Member

How do I generate a report on the availability of Splunk services like indexing?

We have a requirement to submit the availability report of Splunk for the past 6 months.
How do we do that? Is it a correct way to check the availability of Splunk using the status of indexing?

Kindly explain


jtrucks
Splunk Employee

It is only possible if you've logged these things with some tool or Splunk app that has measured availability in a way that meets your organization's definition of availability.

Perhaps you can look at the average time period between _internal or introspection log entries and see if some time period is beyond that by some number of standard deviations. However, this is not a guarantee of whether Splunk was available based on your organization's definition during the time periods where there are log entries without indications of errors that may mean Splunk is not operating correctly, nor does it guarantee that Splunk was not available based on your organization's definition during any time periods that fall outside that number of standard deviations of silence/lack of logs.

Therefore, if you haven't gathered metrics to show operational efficacy of any service, including Splunk, it is extremely difficult, or simply impossible, to provide any availability reporting that would withstand any level of auditing or close scrutiny. I wouldn't bet an SLA on it without having a sound metrics gathering and reporting methodology in place from the start.

--
Jesse Trucks
Minister of Magic
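The gap heuristic described in the reply above, sketched as an added example that is not part of the original thread or any Splunk tooling. It assumes (host, epoch-seconds) pairs exported from a search over _internal; the function names, the 3-sigma default and the sample data are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev


def silent_periods(events, sigmas=3.0):
    """Map each host to [(last_seen, next_seen, gap_seconds), ...] for gaps
    longer than that host's mean gap plus `sigmas` standard deviations."""
    by_host = defaultdict(list)
    for host, ts in events:
        by_host[host].append(ts)
    flagged = {}
    for host, stamps in by_host.items():
        stamps.sort()
        pairs = list(zip(stamps, stamps[1:]))
        gaps = [b - a for a, b in pairs]
        if len(gaps) < 2:
            flagged[host] = []  # too few events to estimate a baseline
            continue
        threshold = mean(gaps) + sigmas * pstdev(gaps)
        flagged[host] = [(a, b, b - a) for a, b in pairs if b - a > threshold]
    return flagged


def sample_events(base=1_700_000_000):
    """Constructed sample, not real Splunk data: two hosts logging every 30 s."""
    events, t = [], base
    # idx1: one 1800 s silence and one 90 s silence between steady runs
    for run, pause in ((100, 1800), (100, 90), (50, None)):
        stamps = [t + 30 * i for i in range(run)]
        events += [("idx1", s) for s in stamps]
        if pause:
            t = stamps[-1] + pause
    # idx2: no silence at all
    events += [("idx2", base + 30 * i) for i in range(200)]
    return events


if __name__ == "__main__":
    for host, periods in sorted(silent_periods(sample_events()).items()):
        print(host, periods)
```

On the sample, the 1800-second silence on idx1 is flagged while the 90-second one falls under the threshold, which is the limitation the reply warns about: the output is a list of candidate silent periods, not a measurement of availability.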

dhariniu
New Member
  • It's a multihost environment.
  • From the Splunk search, I would like to generate the availability report, i.e. for a month, what's the percentage availability of indexing, Splunk Web, etc.

Is it possible?


richgalloway
SplunkTrust

The first step is defining what it means to be "available". The status of just the indexer(s) is probably not sufficient. Depending on how you use Splunk, being available could mean splunkweb is running or only splunkd. The calculation becomes more complex if you're in a multi-host environment. Also, even if Splunk is running, it may not be considered "available" if users can't get to it, so you have to factor in the network.

---
If this reply helps you, Karma would be appreciated.

jtrucks
Splunk Employee

Do you have any apps like Splunk on Splunk (S.O.S.), *Nix (or Windows) to monitor the system running Splunk, or any other mechanism to monitor your systems running Splunk?

What are the specific requirements to measure availability in your environment?

--
Jesse Trucks
Minister of Magic