How do we tell if your server crashed?

I'm trying to look for a key word or phrase in any /var/log/* files which my Splunk event manager could pick up on to tell me if a server crashed over night and rebooted.

I don't want to just check for reboots, we do those WAY too much these days with all the patching going on.

What do I search on to find this event? Is there anything to configure in kdump that'll help?