Dashboards & Visualizations

Feeds, index dashboard

ecanmaster
Explorer

Is there a dashboard out here which can show the status of the indexes and feeds, health, etc.?
I am looking particularly for feeds that don't come in on indexes or sourcetypes, so I am looking for things that go wrong.

0 Karma

naidusadanala
Communicator
0 Karma

mayurr98
Super Champion

Then try this:

| tstats count where index=* by index sourcetype host | where count=0 

OR

index=* | stats count by index host | where count=0

Run this search for today and see which hosts are not sending data.
Keep the fields you want using the | fields your_field command.
Let me know if this helps you.

0 Karma

ecanmaster
Explorer

Unfortunately, that's not exactly what I need.

I need to know which index or source is inactive or offline (no data received). I also need to know how many hosts are sending data to the index/sourcetype, or even better, which hosts are not sending data anymore to the index/sourcetype.

0 Karma
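An added example, not part of any post in this thread: one SPL search for the need described in the follow-up above, reporting per index and sourcetype how many hosts are still sending and which have gone quiet. It compares each host's most recent event time against a threshold, because a count grouped by host only returns hosts that have events; the 7-day lookback and the 24-hour silence threshold are assumed values to tune.

```spl
| tstats count AS events latest(_time) AS last_seen
    WHERE index=* earliest=-7d latest=now
    BY index sourcetype host
| eval silent_hours = round((now() - last_seen) / 3600, 1)
| eval state = if(silent_hours > 24, "silent", "active")
| stats dc(host) AS hosts_seen_7d
        count(eval(state="active")) AS hosts_active
        count(eval(state="silent")) AS hosts_silent
        values(eval(if(state="silent", host, null()))) AS silent_hosts
        max(last_seen) AS feed_last_seen
    BY index sourcetype
| eval feed_state = if(hosts_active = 0, "inactive", "ok")
| convert ctime(feed_last_seen)
| sort - hosts_silent
```

A feed or host with no events anywhere in the lookback window does not appear in the result at all, so widen `earliest` or compare against a lookup of expected feeds to catch those.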

nikita_p
Contributor

Hi @ecanmaster,
You can also check the status of your indexes in the Splunk Monitoring Console.
Also, if you go to Settings -> Indexer clustering in your deployment server, you will get the status of all your indexes.

You can also check the Splunk docs below, which explain what the Monitoring Console can do.
https://docs.splunk.com/Documentation/Splunk/7.0.1/DMC/WhatcanDMCdo

0 Karma