Splunk Detector
Splunk Detector fires when a Kubernetes pod is in crash loop
Verify that a Splunk detector alerts you when pods are not ready to accept traffic for a certain time.
Motivation
Kubernetes features a readiness probe to determine whether your pod is ready to accept traffic. If the pod does not become ready, Kubernetes tries to resolve this by restarting the underlying container in the hope that it eventually becomes ready. If that does not work, Kubernetes eventually backs off from restarting the container, and the Kubernetes resource remains non-functional.
Structure
First, check that the Splunk detector responsible for tracking non-ready containers is in an 'okay' state. As soon as one of the containers is crash looping as a result of the crash loop attack, the Splunk alert rule should fire and escalate to your on-call team.
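The two checks described above, modelled locally as an added example that is not part of the original page and does not use Splunk's API. The function names, the 15-second sample interval, the 90-second threshold and the readiness samples are all constructed assumptions.

```python
# Simplified local model of a "not ready for N seconds" alert rule and the
# experiment check around it. All sample data below is constructed.

def first_fire_time(samples, not_ready_for):
    """Return the timestamp at which the rule fires, or None.

    samples: list of (t_seconds, ready) tuples in time order.
    The rule fires once a container has been continuously not ready
    for at least `not_ready_for` seconds.
    """
    since = None
    for t, ready in samples:
        if ready:
            since = None              # any ready sample resets the timer
            continue
        if since is None:
            since = t                 # start of the current not-ready streak
        if t - since >= not_ready_for:
            return t
    return None

def verify_experiment(samples, attack_start, not_ready_for, max_delay):
    """Check 1: rule is quiet before the attack. Check 2: it fires in time."""
    before = [s for s in samples if s[0] < attack_start]
    ok_before = first_fire_time(before, not_ready_for) is None
    fired_at = first_fire_time(samples, not_ready_for)
    deadline = attack_start + not_ready_for + max_delay
    in_time = fired_at is not None and attack_start <= fired_at <= deadline
    return {"ok_before": ok_before, "fired_at": fired_at,
            "passed": ok_before and in_time}

HEALTHY = [(t, True) for t in range(0, 60, 15)]

# Constructed: container never becomes ready again after the attack at t=60.
STEADY_CRASH = HEALTHY + [(t, False) for t in range(60, 195, 15)]

# Constructed: container is briefly ready between restarts (t=90 and t=135).
FLAPPING = HEALTHY + [(60, False), (75, False), (90, True), (105, False),
                      (120, False), (135, True), (150, False), (165, False),
                      (180, False)]

if __name__ == "__main__":
    for name, data in (("steady", STEADY_CRASH), ("flapping", FLAPPING)):
        print(name, verify_experiment(data, attack_start=60,
                                      not_ready_for=90, max_delay=30))
```

In this model the flapping series never satisfies the duration condition, so the experiment fails there: a rule based only on continuous non-readiness can stay silent when a crash-looping container is briefly ready between restarts.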
Solution Sketch
- Kubernetes liveness, readiness, and startup probes
Crash loop
Harden Observability
Restart
Splunk
Kubernetes