Splunk Enterprise Security

How to write a search to alert if our Splunk Enterprise Security search head goes down?

splunker9999
Path Finder

Hi ,

We are looking to create an alert if for any reason a search head went down. This is for our Splunk Enterprise Security search head, since we have only one search head is available in our environment, we are looking to create an alert if the ES search head goes down.

Thanks

0 Karma

ddrillic
Ultra Champion

We use - | rest splunk_server=local /services/search/distributed/peers/ | where status!="Up" | fields peerName, status | rename peerName as Instance, status as Status

0 Karma

splunker9999
Path Finder

This is for search peers correct? can we use the same for search head,as we are looking for SH.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...