Solved: How to generate a search to find out hosts in Splu...

kteng2024 · ‎01-25-2017

Can i please know the search to find out the hosts in Splunkd that have restarted or has " splunkd started Conf mutator lockfile has disappeared error " in splunkd_stderr.log on forwarder?

hunters_splunk · ‎01-26-2017

Hi kteng2024,

Here are a couple of searches that may help you:

When did Splunk last crash?

index=_internal sourcetype=splunkd_crash_log | stats count by host

All Splunk restarts based on loader

index=_internal sourcetype=splunkd loader message=*xml

Hope this helps. Thanks!
Hunter

View solution in original post

aaraneta_splunk · ‎02-11-2017

@kteng2024 - Did the answer provided by hunters help provide a working solution to your question? If yes, please don't forget to resolve this post by clicking "Accept". If no, please leave a comment with more feedback. Thanks!

hunters_splunk · ‎01-26-2017

Hi kteng2024,

Here are a couple of searches that may help you:

When did Splunk last crash?

index=_internal sourcetype=splunkd_crash_log | stats count by host

All Splunk restarts based on loader

index=_internal sourcetype=splunkd loader message=*xml

Hope this helps. Thanks!
Hunter

How to generate a search to find out hosts in Splunkd that have restarted?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life