Alerting

What's the best way to create an alert to tell whether a Windows Server is up or down?

mrtolu6
Path Finder

Can you provide an example of a search query or script I can use to tell if a Windows Server is up or down? I understand I can use the Windows event code, but would it work if a server goes down? Or would I get that alert after the server has booted back up? I'm looking for the best way to set up an up or down status alert for Windows Server.

0 Karma

sundareshr
Legend

This is by no means a reliable Up/Down indicator. This will only alert you if the Splunk indexer has not received data from a specific host in over 15 min.

| metadata type=hosts index=* | where now()-lastTime>=(60*15) | table host lastTime | eval lastTime=strftime(lastTime, "%c")

For a better UP/DOWN alert, you could use something like this https://gallery.technet.microsoft.com/scriptcenter/Get-Ping-status-along-with-bd579238 , or better yet, splunk the results from this script and use splunk to alert. You can then report on trends etc.

0 Karma
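A scheduled alert built on the same "host went quiet" idea, as an added example that is not part of the thread, which also catches servers that should be reporting but have never sent anything. It assumes a lookup file expected_hosts.csv with a single host column listing the Windows servers that must always report, and a placeholder e-mail recipient; both are constructed names.

```spl
# savedsearches.conf stanza (added example, not from the thread).
# Assumes a lookup "expected_hosts.csv" with one column, "host", listing the
# Windows servers that should always be sending data.
[Windows host silent for 15 minutes]
enableSched = 1
cron_schedule = */5 * * * *
# tstats only needs the last day; anything silent longer shows up as "never"
dispatch.earliest_time = -24h
dispatch.latest_time = now
# 1. latest event time per host from index metadata (cheap even with index=*)
# 2. append the expected hosts so that hosts with no events at all get a row
# 3. keep only hosts named in the lookup, i.e. the servers we actually watch
# 4. flag hosts silent for >= 15 minutes or with no events in the window
search = | tstats latest(_time) as lastTime where index=* by host \
  | append [| inputlookup expected_hosts.csv | fields host] \
  | stats max(lastTime) as lastTime by host \
  | search [| inputlookup expected_hosts.csv | fields host] \
  | where isnull(lastTime) OR now() - lastTime >= 60*15 \
  | eval minutesSilent = round((now() - lastTime) / 60) \
  | eval lastSeen = if(isnull(lastTime), "never", strftime(lastTime, "%Y-%m-%d %H:%M:%S")) \
  | table host lastSeen minutesSilent
# fire when at least one host matches, once per host per hour
alert_type = number of events
alert_comparator = greater than
alert_threshold = 0
alert.suppress = 1
alert.suppress.period = 1h
alert.suppress.fields = host
action.email = 1
action.email.to = ops-oncall@example.com
```

Both this search and the metadata one key on event time (_time), not index time, so a server with a skewed clock can look silent or alive when it is not; a forwarder or network outage will also trip the alert even though the server itself is up.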

PPape
Contributor

There are several ways to do this.
You could fire a script that telnets the host on a port and reports the answer...

Or (and this is what I would do), if you are gathering data from this host in a regular interval, I would watch if there are enough events from the host in a decent amount of time. Like, if there are less or none, this could be an indicator for a not running system.

Create a base search that populates the gathered events for the host you want to monitor. And then create an Alert.

0 Karma

mrtolu6
Path Finder

I guess my question is, can you provide an example of a search query or script I can use to tell if a Windows Server is up or down? I understand I can use the Windows event code, but would it work if a server goes down? Or would I get that alert after the server has booted back up? I'm looking for the best way to set up an up or down status alert for Windows Server. Please provide examples. Thank you.

0 Karma