Monitoring Splunk

DMC - Show Health Check results for more than 100 instances

burras
Communicator

Our current Splunk deployment is around 300 servers. We have all of those systems in our DMC and our able to get data from them successfully. However, when running the Health Checks it only ever checks 100 systems, not the full spectrum of our systems. Is there a way to change the Health Checks so that they'll work on any number of Splunk instances that meet the DMC group requirements instead of limiting it to 100? The primary check I've been working with is the Assessment of Server ulimits since that checks all servers globally.

I've checked through some of the searches in the health checks and can't find anything there that specifically limits them to 100.

We're currently running 6.6.1 on the DMC and the other Splunk instances.

0 Karma
1 Solution

burras
Communicator

This is currently not supported. An enhancement request has been submitted to Support.

View solution in original post

0 Karma

burras
Communicator

This is currently not supported. An enhancement request has been submitted to Support.

0 Karma

bshuler_splunk
Splunk Employee
Splunk Employee

The searches for the health check are visible in the job inspector.

Look and see if the searches are returning all of the data... Maybe it is simply a display issue.

0 Karma

burras
Communicator

I checked the job inspector and I see that it definitely looks like it's hitting all of the servers - I see the remoteSearchLogs for all of the appropriate systems and invocation counts look accurate and expected. The resultCount in the inspector shows 235 (which is pretty accurate) - it just only shows results of 100 in the display.

0 Karma

bshuler_splunk
Splunk Employee
Splunk Employee

I would
1) Use the job inspector to make sure your systems are OK. It isn't ideal, but it works
OR
2) Use instance grouping to run the health check on groups that are less than 100

Also, if this is a feature you want to see ( or you consider it a bug ) either way, reach out to support. They can make sure your voice is heard.

0 Karma
Get Updates on the Splunk Community!

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...