Monitoring Splunk Enterprise

Hands-On Lab

 

Myles Young

BigData Training Architect II in Content

Length

02:00:00

Difficulty

Intermediate

Introduction

Whether you have built your own Splunk instance(s) or inherited one, knowing how to monitor your instance(s) and machine(s) is vital to administering a well-oiled Splunk service with great reliability. In this hands-on lab, you are given the opportunity to exercise the following:

  • Use the Monitoring Console to check resource usage of a Splunk instance and the machine it resides on
  • Enable resource usage alerts so you are notified when a threshold is breached
  • Modify a resource usage alert to use your preferred threshold value
  • Perform a comprehensive health check on a Splunk instance

Instructions

You are a system administrator who recently inherited a Splunk instance. As the new owner of this system, you want to make sure everything is in order. To ensure the health and working order of the Splunk instance, you will need to use the Monitoring Console to check resource usage for both the Splunk instance and the machine it is running on. Next, you want to enable the "Critical System Physical Memory Usage" and "Near Critical Disk Usage" alerts so that you are notified if these usage thresholds are ever breached. Lastly, you will want to perform a comprehensive health check on the Splunk instance and make note of any warnings that you may need to address later.

To log in to your Splunk Web Console, you can browse to your cloud server's public IP address and the default web console port 8000 in your web browser. You can then log in as an administrator with the following credentials:

  • Username: admin
  • Password: $p|unkEnt3rpr!$e

Solution

Log in to the Splunk web console with the credentials provided in the instructions

In your browser, go to http://your_public_ip:8000 (port 8000 is the default web console port) and log in as the admin user with password $p|unkEnt3rpr!$e.

Browse to the monitoring console and observe the instance and machine resource usage dashboards

  1. In the web console, go to Settings > Monitoring Console.

  2. From the Monitoring Console, click on Resource Usage > Resource Usage: Instance.

  3. From the Monitoring Console, click on Resource Usage > Resource Usage: Machine.

Enable the "Critical System Physical Memory Usage" alert

  1. From the Monitoring Console, click on Settings > Alerts Setup.

  2. Click the Enable button on the "Critical System Physical Memory Usage" tile.

Enable the "Near Critical Disk Usage" alert but change the alert threshold to 90%

  1. Click the Edit button on the "Near Critical Disk Usage" tile.

  2. Enter 90 for the Disk Usage (Percentage) value and click Save.

  3. Click the Enable button on the "Near Critical Disk Usage" tile.
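
One way to confirm the end state of the two alert procedures above without clicking through the console, as an added example that is not part of the original lab: the script audits a saved-search listing in JSON form for both alerts and for the 90% disk threshold. The saved-search names, the `where <field> > N` threshold pattern and the sample listing are assumptions constructed for illustration; substitute the names and JSON your own instance returns.

```python
import json
import re

# Saved-search names are an assumption about how the two Monitoring Console
# alerts are stored; adjust them to the names your instance reports.
REQUIRED = {
    "DMC Alert - Critical System Physical Memory Usage": None,  # keep default
    "DMC Alert - Near Critical Disk Usage": 90,                 # lab asks for 90%
}

# Constructed sample shaped like a saved-search listing in JSON, trimmed to
# the fields the check reads. Not output captured from a real instance.
SAMPLE = json.dumps({"entry": [
    {"name": "DMC Alert - Critical System Physical Memory Usage",
     "content": {"disabled": False,
                 "search": "| rest /services/server/status/resource-usage/hostwide "
                           "| eval pct=round(mem_used/mem*100,2) | where pct > 90"}},
    {"name": "DMC Alert - Near Critical Disk Usage",
     "content": {"disabled": True,
                 "search": "| rest /services/server/status/partitions-space "
                           "| eval pct=floor((capacity-free)/capacity*100) | where pct > 80"}},
]})

def threshold_of(search):
    """Return the number in the last `where <field> > N` clause, or None."""
    hits = re.findall(r"\bwhere\s+\w+\s*>=?\s*(\d+(?:\.\d+)?)", search)
    return float(hits[-1]) if hits else None

def audit_alerts(listing_json, required=REQUIRED):
    """Return sorted findings; an empty list means the lab's end state is met."""
    entries = {e["name"]: e.get("content", {}) for e in json.loads(listing_json)["entry"]}
    findings = []
    for name, want in required.items():
        content = entries.get(name)
        if content is None:
            findings.append(f"{name}: not found")
            continue
        # Booleans may be serialized as true/false or as "1"/"0".
        if str(content.get("disabled", True)).lower() in ("true", "1"):
            findings.append(f"{name}: disabled")
        got = threshold_of(content.get("search", ""))
        if want is not None and got != want:
            findings.append(f"{name}: threshold {got}, expected {want}")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_alerts(SAMPLE) or ["all required alerts enabled"]:
        print(finding)
```

Run against the constructed sample, it reports the disk alert as both disabled and still at 80%, which is the state before the Edit and Enable steps have been carried out.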

Run a comprehensive health check on the Splunk instance

  1. From the Monitoring Console, click on Health Check.

  2. From the Health Check page, click Start.

Conclusion

Congratulations, you've completed this hands-on lab!