1

I've recently downloaded and installed a Splunk 4.0.4 Server Enterprise trial (running on Windows Server 2008 if that matters), and now I want to set it up to monitor a few web pages in addition to the logs I'm already watching with Splunk.

I installed the "Web Page Monitor" app from the Splunk website, but now I'm baffled about how to set it up to start monitoring some web pages.

I poked around the file system and found \Program Files\Splunk\etc\apps\webping\ which (according to the MANIFEST file) has the friendly name of "Web Page Monitor". (No idea why Splunk isn't showing the friendly name on the Manager/Apps page-- it lists "webping" instead.)

Ideally, I'd like to have it check a particular URL every minute, and send me an email if it returns anything other than a 200 status or takes longer than 10 seconds to return.

Any idea how to do this?

UPDATE: I know that Splunk's monitoring/alerting support is pretty limited (and I'm trying out other monitoring tools in parallel) but that said my monitoring/alerting needs are not complex. Using multiple management tools, even if each is best-of-breed for its task, comes with a cost-- so while I'm trying out Nagios, etc. I'd also like to understand what Splunk can do (even if it's limited compared with other tools), so I can make an informed decision about whether to run a separate monitoring tool or not.

Justin Grant

2 Answers

4

My understanding of Splunk is that its primary function is to be basically a data mining/aggregation tool for IT departments. Log collection, correlation and so forth. They may have some sort of active monitoring available, but I've not seen anything to verify that. If monitoring capabilities exist, they surely don't market them on their website.

Anyway you may want to consider using Splunk for what it's good at - data collection and searching. Then deploy another application for monitoring. There are many free/open source apps out there that do a superb job of application monitoring and notification. Zenoss, Nagios, and Zabbix are three that I've worked with and have proved themselves to work very well.

EEAA
  • +1, Splunk is really the wrong tool for this job. – James Oct 23 '09 at 07:32
  • agreed-- I'm not really thinking of using Splunk to replace a focused monitoring tool like Nagios, SiteScope, Big Brother, etc. Instead, I already have Splunk up and running in my environment and was wondering how its HTTP monitoring feature works-- see my updated question for more context. – Justin Grant Oct 23 '09 at 19:07

0

I do agree with above, but you could do something odd simply as follows:

Have scripts executed by cron jobs populate files.

Have Splunk monitor the contents of files.

These scripts would be considered pollers and would obviously be outside processes.

Guess what I just described? Nagios/Icinga, Zenoss, Opsview, Spiceworks, etc.

Hmm... you could have a notification command in Nagios/Icinga send something to Splunk over TCP (almost as if Splunk was logging syslog).

Or you could just use this.

brandeded
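
The poller-plus-monitored-file approach from the answer above, as an added example that is not part of the original posts: a script the scheduler runs once a minute, which checks one URL and appends a key=value event for Splunk to index. The field names, the `quote` helper and the command-line arguments are assumptions made for this sketch; values are quoted so that a URL or error string cannot inject extra fields or lines into the log.

```python
"""Poller for cron or Task Scheduler: one HTTP check, one log line for Splunk."""
import sys
import time
import urllib.error
import urllib.request
from datetime import datetime, timezone

SLOW_SECONDS = 10.0  # threshold taken from the question


def probe(url, timeout=SLOW_SECONDS + 5):
    """Fetch url once and return (status, elapsed_seconds, error_name)."""
    start = time.monotonic()
    status, error = 0, ""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            resp.read()
            status = resp.status
    except urllib.error.HTTPError as exc:  # 4xx/5xx still carry a status code
        status = exc.code
    except OSError as exc:  # DNS failure, refused connection, timeout
        error = type(exc).__name__
    return status, time.monotonic() - start, error


def quote(value):
    """Quote a value so it cannot break out of its key="..." field or its line."""
    text = str(value).replace("\\", "\\\\").replace('"', '\\"')
    return '"' + text.replace("\r", " ").replace("\n", " ") + '"'


def format_event(url, status, elapsed, error, now=None):
    """Build one timestamped key=value event (field names are constructed)."""
    stamp = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%SZ")
    result = "ok" if status == 200 and elapsed <= SLOW_SECONDS else "fail"
    return (f"{stamp} url={quote(url)} status={status} "
            f"response_time={elapsed:.3f} result={result} error={quote(error)}")


def poll_once(url, log_path, fetch=probe):
    """Run one check and append its event to the file Splunk monitors."""
    line = format_event(url, *fetch(url))
    with open(log_path, "a", encoding="utf-8") as log:
        log.write(line + "\n")
    return line


if __name__ == "__main__":
    # Usage: poller.py URL LOGFILE (both supplied by the scheduler entry)
    print(poll_once(sys.argv[1], sys.argv[2]))
```

With the log file added as a monitored input, a scheduled saved search for `result=fail` with an email alert action covers both conditions in the question (non-200 status, or slower than 10 seconds).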