Daily Health Checks
Morning Splunk health review with the Daily Health Check workflow
Daily Health Checks
The Daily Health Check workflow runs a broad health review across your Splunk deployment. Use it for morning routines or before major changes.
Navigation
- Parent: Use Cases
- Related: Workflow Templates | Running Workflows
The Scenario
You start your day and want a quick health review of your Splunk deployment. You need to know if indexers are healthy, license usage is within limits, forwarders are connected, and ingestion is flowing. Manually checking each area takes 30+ minutes. You want a single run that covers the essentials.
What It Checks (6 Areas)
| Area | What It Checks |
|---|---|
| Indexer | Status, capacity, replication |
| Search Head | Availability, search load |
| License | Usage, limits, warnings |
| Ingestion | Volume, indexing lag |
| Forwarders | Connectivity, deployment status |
| Performance | Search latency, CPU, memory |
Duration: 2–5 minutes | Complexity: Intermediate
Steps
- Open Workflows — Go to the Workflows section and select the Daily Health Check template.
- Run the workflow — Start the run. No scope configuration required for the standard check.
- Review the summary — You get pass/fail status per category and any recommended actions.
Interpreting Results
- Pass — Category is healthy. No action needed.
- Warning — Minor issues. Schedule follow-up if needed.
- Fail — Requires attention. The report includes suggested next steps and SPL for deeper investigation.
Setting Up Routine Checks
Run the Daily Health Check at the start of each day or before deployments. On Enterprise plans, use the Workflow Scheduler to automate runs. You can route results to Slack or email for team visibility.
