Splunk Search

Splunk - Everyday checks to make sure everything is working fine.

indikaw
Explorer

Hi,

I am new to Splunk. I have an environment with devices sending syslogs and some ESX hosts.
I would like to check that everything is working fine and that Splunk is doing what it is supposed to be doing. If so, which things do I need to check? I am trying to put down a list of things that need to be checked on a daily basis.

Also, my installation is on Windows. Does this mean I don't have command-line access to the configuration files, as in a Linux installation?

Thanks
Indika


indikaw
Explorer

Hi,

Thanks for the replies and the time taken for this. Currently I check the licensing and whether there are any violations. Also, to make sure the designated endpoints are sending the logs through, I am checking the indexes under Manager so that they show the current date and time for the updates they have done. That way I know indexing is fine.

How do I do a Splunk backup? Since my installation is a Windows one, can I do a net backup using any other external tools? That way it includes the Splunk config and indexes as well?

I am planning to create a dashboard for each and every endpoint that I am monitoring currently [there are about 15]. That way I can see what's working and what's not sending logs through at a glance.

Do you guys have any other ideas that can help me? Surely I will have a look at the Deployment Monitor and the Splunk on Splunk app as well.

Thanks
Indikaw

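The "is every endpoint still sending logs" check described in the post above can be done as a single search instead of reading index timestamps in Manager. This is an added example, not part of the original thread; the 1-hour and 24-hour thresholds are assumptions and should be tuned to how often each device actually logs.

```spl
| metadata type=hosts index=*
| eval lag_seconds = now() - recentTime
| eval last_seen = strftime(recentTime, "%Y-%m-%d %H:%M:%S")
| eval status = case(lag_seconds > 86400, "SILENT >24h", lag_seconds > 3600, "LATE >1h", true(), "OK")
| table host last_seen lag_seconds totalCount status
| sort - lag_seconds
```

`metadata` reads the index summaries rather than scanning events, so it is cheap enough to run every few minutes; saving it as a dashboard panel, or as an alert on `status!="OK"`, surfaces a device that has gone quiet (a misconfigured syslog forwarder, a stopped service, or someone disabling logging) without a per-endpoint dashboard.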

MHibbin
Influencer

You should definitely look at the Splunk on Splunk App for your deployment.

In terms of CLI access on Windows, the functionality isn't as extensive as on a Linux machine. You can use the "help" command to display (admins have more available commands here). You can "cd" to your Splunk directory (e.g. cd "C:\Program Files\Splunk"). You can use "type" or "more" to view the file on the command line. You can append strings using the "echo" command (e.g. echo hello >> someFile.txt). As far as I know you cannot edit a file's content from the command line (by default), so you can open Notepad from the CLI using the "notepad" command (e.g. notepad someFile.txt). Apparently some versions of Windows still include the edit command, but I think this is not the case with x86_64 systems (please correct me if I'm wrong).

There are obviously extra executables you can add which include functionality that can be achieved on *nix systems, for example Vim (http://www.vim.org/download.php).

You can also look at Cygwin, which I have seen in many enterprise cases where there is a need for Windows servers but the preference is to use a *nix-like system.

Hope this helps.

michaeloleary
Path Finder

This is a very open question; it really depends on what you want to check, as there are many features of Splunk. Take a look at the Splunk on Splunk application or the Deployment Monitor application. Maybe they will tick your requirements. You can use the command prompt on Windows platforms to "cd" to the Splunk bin directory and run any commands just like on a *nix machine.
