11-07-2018 06:14 AM
Reporting and Analytics - we are trying to configure to generate an alert in case of appliance use DNS cache more than 90% value. Current alert has some predefined values in splunk language which is bit difficult to understand.
Any one knows, please suggest on this.
NIOS - 8.0.9
Reporting - IB 2200
11-07-2018 01:19 PM
Technically I haven't seen much scenarios where recursive cache size crosses 90%, as the server(Some IB models at least) would start trimming it at 87.5% & some others may start returning SERVFAIL responses. Did you mean cache-hit-ratio instead ? I guess not, as an admin may not try to get alerts for anything above 90+ % since it is absolutely not a number to be worried about(Let me know if this is the case). Can you tell me the exact name of the ‘report’ which you referred to ? If it is a custom report, can you share its SPL here so that I could customize it for you as appropriate ?
11-15-2018 07:25 AM
Alert name is - si-search-dns-cache-hit-ratio. We had an issue with exceeding maximum cache due to number VIEWS got assigned to an appliance. We do use number of VIEWS in single Grid with recursive members, hence we need keep this alert mechanism to get notify in case of it croses threashold value.