CRON ISSUE

jip31
Motivator

Hi

I use a PowerShell script in my SPL command in order to check the ping status of different machines.
It works, but I think the results are not good.
I explain: when I launch my SPL command, I have machines in offline status or in online status. Normal.
But when I'm launching the PowerShell alone at the same time, a machine can be offline in Splunk but online with PowerShell!
The cron I use for executing the PowerShell is */1 * * * *
What do I have to do in order to have the same results, please?

DalJeanis
Legend

I don't see any reason to assume that it is a cron issue. I would start by determining at some exact time where Splunk says the machine is in one state and PowerShell says it is a different state. Note whether it is always one direction, or whether it goes both ways.

There is at least one potential condition in each direction where differences would be valid:

1) If the machine is online but Splunk is offline on that machine, then a ping will reach the machine, but Splunk will not consider the machine to be up.
2) If the OS executing the ping has lost connectivity to the network, but Splunk has NOT lost connectivity to the network, then the machine will not show as online to the OS but will show online to Splunk.

There are a dozen more scenarios that might happen, depending on the particulars of your configuration. Please post more details, but first, in some examples where the detected states differed, verify exactly how the two systems might believe that the system was down at that moment, and see whether it was.

woodcock
Esteemed Legend

We need more details. Show inputs.conf and your searches.

Rob2520
Communicator

How often do you want to run the script?
