https://community.splunk.com/t5/Deployment-Architecture/Splunk-Metrics-via-Splunk-Add-on-for-nix/m-p/446985#M15705 <P>That would be amazing my friend. If you need help testing let me know. We have a small lab specifically for testing new versions of splunk and add ons. Keep us posted if you would be so kind. Thanks!</P> Fri, 09 Nov 2018 12:52:16 GMT Tohrment 2018-11-09T12:52:16Z https://community.splunk.com/t5/Deployment-Architecture/Splunk-Metrics-via-Splunk-Add-on-for-nix/m-p/446983#M15703 <P>So, we aren't in an environment where we can just deploy apps (a la collectd) but want to get metrics in from Linux boxes. Has anyone figured out how to accomplish this with the Splunk Add-on for *nix? I am terrible with regex(trying to change that) so I have not been able to figure out the proper transforms to get the data in a format fit for metrics index ingestion but needing to get it into our lab for future presentations on the matter(in the hopes of getting a license bump lol). Anyway, any help would be most appreciated!</P> Fri, 26 Oct 2018 12:24:41 GMT https://community.splunk.com/t5/Deployment-Architecture/Splunk-Metrics-via-Splunk-Add-on-for-nix/m-p/446983#M15703 Tohrment 2018-10-26T12:24:41Z https://community.splunk.com/t5/Deployment-Architecture/Splunk-Metrics-via-Splunk-Add-on-for-nix/m-p/446984#M15704 <P>Hi, I have recently worked on a wrapper add-on to work on top of the Splunk NIX Add-On to tap in the output and convert them in to a metric event and transport it to indexers (either via Splunk TCP in csv file format, if the forwarder is of version more than 7 OR send via HTTP Event collector, if the forwarder is version less than 7). I am still trying to do some performance test around that before I can package the same as an add-on and publish it. </P> Fri, 09 Nov 2018 04:40:44 GMT https://community.splunk.com/t5/Deployment-Architecture/Splunk-Metrics-via-Splunk-Add-on-for-nix/m-p/446984#M15704 fferozbasha 2018-11-09T04:40:44Z https://community.splunk.com/t5/Deployment-Architecture/Splunk-Metrics-via-Splunk-Add-on-for-nix/m-p/446985#M15705 <P>That would be amazing my friend. If you need help testing let me know. We have a small lab specifically for testing new versions of splunk and add ons. Keep us posted if you would be so kind. Thanks!</P> Fri, 09 Nov 2018 12:52:16 GMT https://community.splunk.com/t5/Deployment-Architecture/Splunk-Metrics-via-Splunk-Add-on-for-nix/m-p/446985#M15705 Tohrment 2018-11-09T12:52:16Z https://community.splunk.com/t5/Deployment-Architecture/Splunk-Metrics-via-Splunk-Add-on-for-nix/m-p/446986#M15706 <P>Thanks for replying, FYI 7.2 does have the <A href="http://docs.splunk.com/Documentation/Splunk/latest/Metrics/L2MOverview">logs to metrics conversion</A> but what Ferroz is describing covers older versions!</P> Fri, 09 Nov 2018 20:55:49 GMT https://community.splunk.com/t5/Deployment-Architecture/Splunk-Metrics-via-Splunk-Add-on-for-nix/m-p/446986#M15706 gjanders 2018-11-09T20:55:49Z https://community.splunk.com/t5/Deployment-Architecture/Splunk-Metrics-via-Splunk-Add-on-for-nix/m-p/446987#M15707 <P>I have not found anything regarding using logs to metrics to utilize the output of the Splunk Add-on for *nix. If you have a link specifically for that and not the generalized article for Logs2Metrics I would more than be happy to look over it and attempt it.</P> Fri, 09 Nov 2018 21:01:19 GMT https://community.splunk.com/t5/Deployment-Architecture/Splunk-Metrics-via-Splunk-Add-on-for-nix/m-p/446987#M15707 Tohrment 2018-11-09T21:01:19Z https://community.splunk.com/t5/Deployment-Architecture/Splunk-Metrics-via-Splunk-Add-on-for-nix/m-p/446988#M15708 <P>Nothing except the generalised article which is why this was just a comment and not an answer <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Fri, 09 Nov 2018 21:07:17 GMT https://community.splunk.com/t5/Deployment-Architecture/Splunk-Metrics-via-Splunk-Add-on-for-nix/m-p/446988#M15708 gjanders 2018-11-09T21:07:17Z https://community.splunk.com/t5/Deployment-Architecture/Splunk-Metrics-via-Splunk-Add-on-for-nix/m-p/446989#M15709 <P>Thanks much Tohrment. I will surely share the add-on with you for further testing. I will publish the same in splunkbase and share you the link. </P> Sat, 10 Nov 2018 05:53:07 GMT https://community.splunk.com/t5/Deployment-Architecture/Splunk-Metrics-via-Splunk-Add-on-for-nix/m-p/446989#M15709 fferozbasha 2018-11-10T05:53:07Z https://community.splunk.com/t5/Deployment-Architecture/Splunk-Metrics-via-Splunk-Add-on-for-nix/m-p/446990#M15710 <P>Did you ever manage to get this setup working? I have a need to do a logs-to-metrics for *nix TA output and any shortcuts would be appreciated.</P> Mon, 19 Aug 2019 20:41:27 GMT https://community.splunk.com/t5/Deployment-Architecture/Splunk-Metrics-via-Splunk-Add-on-for-nix/m-p/446990#M15710 jherring_splunk 2019-08-19T20:41:27Z https://community.splunk.com/t5/Deployment-Architecture/Splunk-Metrics-via-Splunk-Add-on-for-nix/m-p/446991#M15711 <P>One frustration with the Linux TA (v6.0.2) is that the output contains so much whitespace. Ingesting that data as a metric spares your license, but you still lose on storage and speed.</P> <P>For example, I enabled vmstat.sh, bandwidth.sh, df.sh, and cpu.sh on one host. Those four inputs generate 64,552 bytes / hour of raw events. If I dedup the whitespace (replace \s+ with \s) then that shrinks to 36,465 bytes, which is 44% reduction.</P> <P>In other words, metrics from the Linux TA are 51% whitespace. Anybody try to fix this? The whitespace originates from the awk/printf commands in the bash scripts. The commands format the output into pretty printed tables, which doesn't make sense for machine data.</P> Wed, 11 Dec 2019 17:15:42 GMT https://community.splunk.com/t5/Deployment-Architecture/Splunk-Metrics-via-Splunk-Add-on-for-nix/m-p/446991#M15711 satyenshah 2019-12-11T17:15:42Z https://community.splunk.com/t5/Deployment-Architecture/Splunk-Metrics-via-Splunk-Add-on-for-nix/m-p/446992#M15712 <P>Hi Tohrment,</P> <P>I have recently released a new add-on to collect Linux metrics without collectd <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>Metrics Add-on for Infrastructure:<BR /> <A href="https://splunkbase.splunk.com/app/4856/">https://splunkbase.splunk.com/app/4856/</A></P> <P>All feedback is welcome <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>L.</P> Thu, 30 Jan 2020 10:33:20 GMT https://community.splunk.com/t5/Deployment-Architecture/Splunk-Metrics-via-Splunk-Add-on-for-nix/m-p/446992#M15712 lukeh 2020-01-30T10:33:20Z https://community.splunk.com/t5/Deployment-Architecture/Splunk-Metrics-via-Splunk-Add-on-for-nix/m-p/507286#M17449 <P>Hello&nbsp; Lukeh,</P><P><SPAN class="">Thanks&nbsp; for solution&nbsp;<SPAN>Metrics Add-on for Infrastructure.&nbsp; it is&nbsp; working&nbsp; perfectly&nbsp; for linux.&nbsp;&nbsp;</SPAN></SPAN></P><P><SPAN class=""><SPAN>Now I am struggling&nbsp; with HPUX&nbsp; ,solaris and AIX.&nbsp;&nbsp;</SPAN></SPAN></P><P><SPAN class=""><SPAN>It would be great&nbsp; if you have solution on those OS&nbsp; as&nbsp; well.&nbsp;&nbsp;</SPAN></SPAN></P><P>Thanks&nbsp; in Advance&nbsp;</P><P>Arijit Chowdhury&nbsp;</P> Fri, 03 Jul 2020 17:57:36 GMT https://community.splunk.com/t5/Deployment-Architecture/Splunk-Metrics-via-Splunk-Add-on-for-nix/m-p/507286#M17449 Arijit1 2020-07-03T17:57:36Z