Who will watch the watchmen?
You may want to use a third-party script or tool to check that the splunkd process is up and running.
A simple
/opt/splunk/bin/splunk status
should do the trick,
or a search on the last 5 minutes:
/opt/splunk/bin/splunk search 'earliest=-5m index=* | stats count | eval status=if(count>0,"OK","ERROR")' -auth user:password
or a separate search head, checking the number of events.
Those have to be used in a script that will check the result.
If you want to check if the process is running, then you need a ps script or a monitor. Please contact your system administrator; this is his job.
What does this do?
/opt/splunk/bin/splunk search 'earliest=-5m index=* | stats count | eval status=if(count>0,"OK","ERROR")' -auth user:password
And if I turn this into a script that checks for it, will this do the trick?
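
The two checks discussed in this thread, wrapped in a script that inspects the result, as an added example that is not part of the original posts. SPLUNK_BIN, SPLUNK_AUTH, the function names, the CLI output layouts it parses and the Nagios-style exit codes (0 OK, 2 CRITICAL, 3 UNKNOWN) are assumptions.

```shell
#!/bin/sh
# Added example: watchdog for splunkd (process state, then recent indexing).
# SPLUNK_BIN and SPLUNK_AUTH are names chosen for this example.
SPLUNK_BIN="${SPLUNK_BIN:-/opt/splunk/bin/splunk}"

# Map an event count to a status word. Anything that is not a number
# means the search itself failed (bad login, splunkd hung, no output).
classify_count() {
    case "$1" in
        ''|*[!0-9]*) echo "UNKNOWN" ;;
        *[1-9]*)     echo "OK" ;;
        *)           echo "ERROR" ;;
    esac
}

# Pull the first digits-only line out of the CLI's table output
# (assumed layout: a "count" header, a dashed rule, then the number).
extract_count() {
    tr -d ' \t\r' | grep -E '^[0-9]+$' | head -n 1
}

check_splunk() {
    # Check 1: process state. Assumed: "splunk status" prints
    # "splunkd is running" when the daemon is up.
    if ! "$SPLUNK_BIN" status 2>/dev/null | grep -q "splunkd is running"; then
        echo "CRITICAL: splunkd is not running"
        return 2
    fi
    # -auth puts the credential on the command line, where other local
    # users can read it from the process list: use a dedicated
    # low-privilege account and keep SPLUNK_AUTH out of the script file.
    if [ -z "${SPLUNK_AUTH:-}" ]; then
        echo "UNKNOWN: SPLUNK_AUTH (user:password) is not set"
        return 3
    fi
    # Check 2: indexing. Same search as in the thread, without the eval,
    # because the OK/ERROR mapping is done here in the script.
    out=$("$SPLUNK_BIN" search "earliest=-5m index=* | stats count" \
        -auth "$SPLUNK_AUTH" 2>/dev/null)
    count=$(printf '%s\n' "$out" | extract_count)
    case "$(classify_count "$count")" in
        OK)    echo "OK: $count events in the last 5 minutes"; return 0 ;;
        ERROR) echo "CRITICAL: no events indexed in the last 5 minutes"; return 2 ;;
        *)     echo "UNKNOWN: search failed or returned no count"; return 3 ;;
    esac
}

# Run the check only when called as: script.sh run
if [ "${1:-}" = "run" ]; then check_splunk; exit $?; fi
```

Run it from cron or a monitoring agent on a host other than the Splunk server where possible, so that a dead server does not also silence the check.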