Monitoring Linux

Alerts

Predefined alerts

Monitoring Linux ships a set of predefined alerts covering license health, collector health, and the most common host-level capacity issues. Review the list and enable the ones that fit your environment.

Monitoring Linux: Collector Failed License Checks

Fires when Collectord fails to reach the licensing server.

Monitoring Linux: Collector License Expiration (less than 14 days)

Fires when your license is within 14 days of expiring.

Monitoring Linux: Collector license overuse

Fires when the app sees more collectors reporting in than your license allows.

Monitoring Linux: Collector outdated

Fires when the Collectord versions running on your hosts are older than the installed Splunk app expects.

Monitoring Linux: Warning: linux runtime disk space is low

A Linux host has less than 20% free disk space.

Monitoring Linux: Warning: high host memory usage

A Linux host is using more than 85% of its memory.

Monitoring Linux: Cluster Warning: high host CPU usage

A Linux host has averaged more than 90% CPU over the last 5 minutes.

Monitoring Linux: Warning: collectord has WARN or ERROR logs

Collectord itself is reporting warnings or errors.

Alert triggers

The Hosts page surfaces currently triggered alerts at the top, populated by the /alerts/fired_alerts/ REST call.

Other triggers

Splunkbase has a wide selection of alert actions for routing alerts into Slack, PagerDuty, email, ticketing systems, and other incident-management tools. Install the action you need, then edit the predefined alerts to wire it in.