Monitor to check whether the logging (receiving) is working or not!!!

basilboon
New Member

Hi Splunk Team,

First of all, you've got a great app!! Thanks for that!!

My master Splunk has been set up correctly and forwards logs to another active Splunk. Yesterday, when checked, the log receiving had stopped because of the disk space on the server. It got fixed after increasing the disk space.

Now the thing is, we are trying to set up a monitor using our tool (ICINGA) just to check whether the log receiving is up to date.

Is there any command to show whether the logs are up to date?

Let me know if you need more information.

Regards,
Basil

0 Karma

sdaniels
Splunk Employee

Check out this previous Splunkbase answer. You can create an alert based on that search. You'll just need to adjust the time to be 'age > somenumber' in seconds. The example below is checking to see if there are any hosts that haven't sent events in the last two days. If the search comes up empty, it means you are OK. If you get values, you can alert on them to let you know which hosts might be having issues sending data to Splunk.

http://splunk-base.splunk.com/answers/3181/how-do-i-alert-when-a-host-stops-sending-data

| metadata index=main type=hosts | eval age = now()-lastTime | where age > (2*86400) | sort age d | convert ctime(lastTime) | fields age,host,lastTime

0 Karma

basilboon
New Member

Hi Daniels,

Thanks for your reply.

The exact thing I want is to write a shell script (bash) to monitor whether the logging is working properly. The script will run every five minutes, get the data (somehow via shell) and send mail to a distribution list, only if the logging has not been working for the past hour or so.

Just want to know if there are any commands to identify this from the back end (server console).

Regards,
Basil

0 Karma
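
The shell check requested above, built around the metadata search from the answer, as an added example that is not from any poster or from Splunk: it lists every host's lastTime and flags anything older than one hour using Icinga/Nagios plugin exit codes. The SPLUNK_HOME default, the SPLUNK_AUTH and MAX_AGE variables and the function names are assumptions. Unlike the alert search, an empty result is reported as UNKNOWN rather than OK, so a search that fails cannot pass silently.

```shell
#!/bin/sh
# Added example: Icinga/Nagios-style freshness check (exit 0 OK, 2 CRITICAL, 3 UNKNOWN).

# Assumptions: Splunk lives in /opt/splunk unless SPLUNK_HOME is set, the index is
# "main" as in the search above, and SPLUNK_AUTH holds "user:password" for a
# low-privilege account that is only allowed to search.
fetch_last_seen() {
    "${SPLUNK_HOME:-/opt/splunk}/bin/splunk" search \
        '| metadata index=main type=hosts | fields host,lastTime' \
        -output csv -maxout 0 -auth "$SPLUNK_AUTH"
}

# Reads "host,lastTime" CSV rows (epoch seconds) on stdin.
# $1 = current epoch time, $2 = maximum allowed age in seconds.
check_freshness() {
    tr -d '"\r' | awk -F, -v now="$1" -v max_age="$2" '
        $2 !~ /^[0-9]+$/ { next }    # skip the CSV header and malformed rows
        { rows++; age = now - $2 }
        age > max_age { stale = stale (stale != "" ? ", " : "") $1 " (" age "s)" }
        END {
            if (rows == 0) {
                print "UNKNOWN - search returned no hosts; the check itself may be broken"
                exit 3
            }
            if (stale != "") {
                print "CRITICAL - no events for over " max_age "s from: " stale
                exit 2
            }
            print "OK - " rows " host(s) sent events within the last " max_age "s"
        }'
}

# Entry point for cron or an Icinga check command: the exit status is the plugin state.
main() {
    fetch_last_seen | check_freshness "$(date +%s)" "${MAX_AGE:-3600}"
}

if [ "${1:-}" = "--run" ]; then
    main
    exit $?
fi
```

Run it with `--run` from cron or as an Icinga check command; Icinga's own notifications can then deliver the mail to the distribution list.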