Splunk Search

check server is up or not

manjuase
Explorer

I have a lookup with the details of servers and I want to check whether those servers are up or not. If not, I have to send an email.

In my case the pingstatus app is not working, so I want some other method which does not use the ping command.

Thanks in advance

gcusello
SplunkTrust

Hi manjuase,
Do you want to monitor up or down server status or specified services?
Because if you want to check server status, you could use Splunk internal logs (index=_internal host=your_host).
If instead you want to test specified services, you should use a script based on the ps command (if Linux) or Windows processes and check active processes, comparing them with a processes lookup.
To find scripts see TA_Linux or TA_Windows.
Bye.
Giuseppe

0 Karma

manjuase
Explorer

Hi cusello,

Thanks for your reply. I want to check the server status only.

So you are saying that if I am not seeing the server for which I want to check the status in the "_internal" index, then that server is down, right?

0 Karma

gcusello
SplunkTrust

Hi manjuase,
I imagine that you have a Universal Forwarder installed and running on your server.
This means that Splunk UF is sending its logs to a Splunk Enterprise instance.
Using that search you can monitor if the server is up or not and eventually send an alert (really you're testing Splunk Forwarder status, but the UF is running on the server!).

Bye.
Giuseppe

0 Karma

manjuase
Explorer

Hi cusello,

Yeah, I agree with your point: from the internal index we can say if the UF is running or not. In case the server is running and the UF is not running, we can't find that server in the _internal index, right? So here we can't say the server is down; here the UF is down.

I want to check the status of server not the status of UF.

Do you have any idea on this ?

0 Karma

gcusello
SplunkTrust

Hi manjuase,
Yes, but if your UF is down you lose every chance to monitor your server, so if the server is up and the UF is down I think it's a problem to solve immediately!
I suggest using this way.
Anyway, you could test active processes on your server using a script based on the Linux ps command (see TA_Linux), but the UF must be running, so it's the previous case.

Bye.
Giuseppe.

0 Karma
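
The approach discussed in this thread, written out as a search (an added example, not posted by either participant). It compares each host in a lookup against the last time that host appeared in `_internal` and returns only the hosts whose forwarder is not reporting. The lookup name `servers_example.csv`, its `host` field and the 15-minute threshold are assumptions to replace with your own.

```spl
| inputlookup servers_example.csv
| fields host
| eval host=lower(host)
| join type=left host
    [| tstats latest(_time) as last_seen where index=_internal by host
     | eval host=lower(host)]
| eval minutes_silent=round((now() - last_seen) / 60, 0)
| eval status=case(isnull(last_seen), "never seen in _internal",
                   minutes_silent > 15, "forwarder silent",
                   true(), "reporting")
| where status!="reporting"
| eval last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")
| table host status last_seen minutes_silent
```

Saved as a scheduled alert that triggers when the number of results is greater than zero, with the email action enabled, this covers the notification requirement. As noted in the thread, a result means the Universal Forwarder on that host is not sending data, which is not proof that the server itself is down.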