Monitor and get alerted as soon as there is any issue with Cribl pushing data to AWS?
Hi, we have a requirement to push a copy of all data to AWS for storage which I have just completed and it is working perfectly. I am now looking into how we can effectively monitor and get alerted as soon as there is any issue with Cribl pushing data to AWS and I was wondering if anyone else has done this etc? Do you only use the Notifications in Cribl to alert or is there a way to monitor this with Cribl logs (currently pushed to Splunk) where we can create urgent alerts for someone to investigate. I want to make sure that we get alerted as soon as there are any problems as we cannot afford to loose any data etc.
Answers
-
A few options as you already referenced 1) alert on errors in the cribl logs (you mentioned already sending those to splunk ) 2) use the built in cribl destination unhealthy condition alert 3) enable and route the cribl internal metrics source to splunk or other metric store and also can setup alerts from those metrics/events. If its critical to alert - might want a belt and suspender approach with multiple alerts/methods.
0 -
Devil's advocate... don't use Cribl Stream to monitor Cribl Stream. Push the logs to Splunk and use the reporting there to generate alerts. I would even go further to say use something like Cribl Edge (or another agent of your liking) to push the Cribl Stream logs directly into Splunk by monitoring the `$CRIBL_HOME/log` folder.
0