Getting Data In

Is there a way to know if Splunk is operating 90% of the time?

maryamchar
Explorer

I found that Splunk Monitor System health can check the health of Splunk and check if it's monitoring or not. However, I wasn't able to use it with my current license. So, is there another way to check if Splunk is monitoring most of the time and working? If yes, please provide me with links to an explanation with steps.

Also, I don't understand the main purpose of the Master Node Dashboard. Is this a way to check if Splunk is monitoring?

Thank you in advance!

0 Karma
1 Solution

nilbak1
Communicator

Hi @maryamchar

Yes, you can monitor Splunk health via REST.
You can refer to this answer for the Splunk query:

https://answers.splunk.com/answers/589489/how-to-get-instance-health-via-splunk-query.html#answer-59....

But here again, this query will work from the DMC server only, because from one search head you can't run a REST query against other heads, the cluster master, or the deployment server.

Regarding the master node dashboard, it's basically:
The Indexer Clustering: Status dashboard in DMC, which provides information on the state of our cluster.
The Indexer Clustering: Service Activity dashboard in DMC, which provides information on matters such as bucket-fixing activities and warnings and errors.

So the master node dashboard just provides a limited overview of DMC, as DMC is a rich source of information about the complete Splunk Enterprise deployment. You can refer to the document below for more information.
https://docs.splunk.com/Documentation/Splunk/7.2.0/DMC/WhatcanDMCdo

Hope this answers your question 🙂

0 Karma
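
A different way to answer the "90% of the time" question, as an added example that is not part of any post in this thread: splunkd writes events to the _internal index while it is running, so the share of 5-minute intervals that contain splunkd events approximates uptime per host. The 24-hour window, the 5-minute interval (288 intervals per day) and the 90% threshold are assumptions chosen to match the question.

```spl
index=_internal sourcetype=splunkd earliest=-24h@h latest=@h
| bin _time span=5m
| stats count AS events BY host, _time
| stats count AS intervals_seen BY host
| eval intervals_expected = 288
| eval availability_pct = round(100 * intervals_seen / intervals_expected, 2)
| eval meets_target = if(availability_pct >= 90, "yes", "no")
| sort availability_pct
| table host, intervals_seen, intervals_expected, availability_pct, meets_target
```

A host that was down for part of the window shows fewer intervals_seen; a host whose internal logs are not searchable from the instance running the query does not appear at all.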

maryamchar
Explorer

Thank you!!!
The link you provided me with the query didn't work for me. Is there any other easy way to check if Splunk is monitoring all the time? Again, thank you!

0 Karma

nilbak1
Communicator
| rest splunk_server=local /services/search/distributed/peers | rename title as peerURI  | join type=outer peerURI [| rest splunk_server=local /services/server/info | eval peerURI = "localhost" | eval status = "Up"]  | eval status = if(status == "Up", status, "Unreachable") | eval OS = os_name | eval ram = round(physicalMemoryMB / 1024, 2)." GB" | fields host, server_roles, OS, numberOfCores, ram, version, status| sort status, host| rename host as Instance, server_roles as Role, numberOfCores as "Cores", ram as RAM, version as Version, status as Status

This query is working fine for me.
What issues are you facing while running the above query?
Did you run this in DMC?

0 Karma

maryamchar
Explorer

Yes, I tried it on DMC. This is the error I'm getting:
REST Processor: Failed to fetch REST endpoint uri=https://127.0.0.1:8089/services/search/distributed/peers?count=0 from server https://127.0.0.1:8089. Check that the URI path provided exists in the REST API

0 Karma