Installation¶
New Installations¶
Note: If you are installing the Broken Hosts App on a search head cluster, follow Splunk’s documentation for app installation
- On the Splunk toolbar, select Apps > Find More Apps.
- In the search box, search for broken hosts.
- Next to the Broken Hosts App for Splunk, select the Install button.
- Follow the prompts and, if necessary, restart Splunk.
- (Optional, but recommended) - Backfill summary index by running this CLI command:
cd $SPLUNK_HOME/bin && ./splunk cmd python fill_summary_index.py -app broken_hosts -name bh_stats_gen -dedup true -et -30d@d -lt now -j 10 -showprogress true
Once the app is installed, please review the Configuration documentation.
Upgrading¶
- On the Splunk toolbar, select Apps > Manage Apps.
- Find the Broken Hosts App for Splunk.
- Under the Version column, select Update to 4.0.x.
- Follow the prompts and, if necessary, restart Splunk.
- Follow any version-specific upgrade instructions below.
Upgrading to 4.0.x from 3.x or below¶
Starting with Broken Hosts 4.0.1, the Broken Hosts Sanity Check
has been split into two
pieces, neither of which is enabled by default. To restore similar behavior to previous versions,
follow these steps:
- (Optional, but recommended) - Backfill summary index by running this CLI command:
cd $SPLUNK_HOME/bin && ./splunk cmd python fill_summary_index.py -app broken_hosts -name bh_stats_gen -dedup true -et -30d@d -lt now -j 10 -showprogress true
- Review your
search_additions
macro to determine which functionality must occur in the stats generation phase, and which must occur in the alert generation phase. - Copy the stats generation parts of your existing
search_additions
macro to the newbh_stats_gen_additions
macro. - Copy the alert generation parts of your existing
search_additions
macro to the newbh_alert_additions
macro. - Enable the
Broken Hosts Alert - by contact
search.
Afterwards, we recommend reviewing the Configuration documentation to get a feel for how the new split searches work, and things you can do now with the standalone alerting searches that were impossible previously with the unified search.
Upgrading to 3.3.3¶
Starting with Broken Hosts 3.3.3, the Broken Hosts Lookup is stored in KV store rather than in a CSV file. Once you have completed this upgrade, follow these steps to convert your lookup file to KV Store:
- Open a search panel and run the following search:
| inputlookup expectedTime.csv
- Confirm the results appear as expected - this should display your existing Broken Hosts Lookup.
- Run the following search to dump the existing lookup into the new KV Store lookup.
| inputlookup expectedTime.csv | outputlookup expectedTime
- Go to the
Configure Broken Hosts Lookup
dashboard to confirm that the configuration is correct.