Sometimes we see our JBoss process running but really not functional. The indication is that the log file has not updated for a while. I have the following Splunk search to monitor the log for this condition. Is there any better way to track this ? Planning to run this every 5 minutes or so.
index=jboss_prod
| eval lastseen=strftime(_time, "%b %d %Y %H:%M:%S")
| eval since=now()-_time
| rename last(lastseen) as "Last updated on"
| where since >210
| search sourcetype=log4j
| table host , source,lastseen,since
| dedup host , source
| stats last(lastseen) by host , source,since
Thanks in advance
Radhak
Hi - I added this post - If you find it useful, please upvote the answer, or add your own solution if you found another way!
https://answers.splunk.com/answers/606762/how-do-i-monitor-jbosstomcatapacheetc-and-raise-an.html