UGU: Unix Guru Universe - checksplunk
 checksplunk
 Description: Checksplunk is a non-obtrusive Perl script for Splunk
Administrators to understand the health and integrity of Splunk and the
server(s) Splunk is running on. It doesn't write anything to the system or to any
Splunk config files. It doesn't change or modify anything; it only reads
information that is readily available from the server or within Splunk.
 Features 
System Level Output 
      CPU load (vmstat) 
      Disk utilization (iostat) on disk with hot/warm dbs 
      Load Average (uptime)  
      Free memory (meminfo) 
      Server hostname  
      Disk size of dbase storage  
      Current day/time  
      Seconds since 1970 (see spdash docs) 
  Splunk Level Output 
      Splunk version 
      Splunk daemon running (from process table) 
      Splunkd running (from splunk status) 
      Splunkweb running (from splunk status) 
      Number of events indexed 
      Number of errors in the log files 
      Display the errors in the log files 
      Number of hosts 
      Display indexed hosts 
      License Information 
      Number of user accounts created in Splunk 
      Output user audit logs  
      Display users with accounts in Splunk 
      Display the top 10 systems using the largest amount of license in kb 
      Display number of searches & last access time by users 
      Build all the SPDASH files needed for web dashboard interface 
 
Supported Systems: Unix, Linux.
 
Requirements: Perl and a commercial version of Splunk
 
Feel free to share and distribute to anyone that can find this useful.
 
Instructions: 
Full Documentation can be found here
 
SYNTAX: checksplunk [OPTIONS]
 hosts : Display all Hosts indexed by Splunk
  hogs : Display the top 10 systems using the largest amount of license in kb
search : Displays number of searches & last access time by users
spdash : Builds all the SPDASH files needed for web dashboard interface
 users : Display users authenticated to use Splunk
    -A : All options are processed, excluding -G, hosts, and users
    -c : CPU load (vmstat) [C]
    -C : display all 'computer' related information
    -d : splunkd running (from splunk status) [S]
    -D : Add a description to the output of an argument
    -e : number of events indexed [S]
    -g : number of errors in the log files [S]
    -G : display the errors in the log files [S]
    -h : number of hosts [S]
    -i : disk utilization (iostat) on disk with hot/warm dbs [C]
    -l : Load Average (uptime) [C]
    -L : license information [S]
    -m : free memory (meminfo) [C]
    -n : name of the server/host [C]
    -p : splunk daemon running (from process table) [S]
    -s : disk size of dbase storage [C]
    -S : display all 'splunk' related information, excluding -G, hosts, users
    -t : current day/time [C]
    -u : number of users authenticated to use Splunk [S]
    -U : Output user audit logs
    -v : splunk version [S]
    -w : splunkweb running (from splunk status) [S]
 
CHANGE LOG: 
 
| V1.0b | 05/2009 | spdash output function rewrite; it was broken on some Linux flavors. |
| V1.0a | 04/2009 | Additions of arguments: users, hogs, search, spdash, -U. |
| V1.0  | 03/2009 | First release. |