https://community.splunk.com/t5/Monitoring-Splunk/What-are-the-best-practice-searches-for-server-OS-monitoring/m-p/381926#M6343 <P>I'd like to implement some basic searches for server and OS monitoring without getting caught up in the differences between sourcetypes and field names.</P> <P>I already implemented the <A href="https://splunkbase.splunk.com/app/742/">Splunk Add-on for Microsoft Windows </A>and the <A href="https://splunkbase.splunk.com/app/833/">Splunk Add-on Unix and Linux</A> but I find that enumerating each sourcetype and coalescing the common fields is feeling unnecessarily complicated.</P> <P>Are there any basic searches that provide server and OS monitoring without me having to deal with the complexities of the sourcetype differences? Something akin to the <A href="https://docs.splunk.com/Documentation/CIM/latest/User/Performance">Performance Model</A> of the <A href="https://docs.splunk.com/Documentation/CIM/latest/User">Common Information Model</A>, perhaps?</P> Wed, 13 Feb 2019 18:07:28 GMT sloshburch 2019-02-13T18:07:28Z https://community.splunk.com/t5/Monitoring-Splunk/What-are-the-best-practice-searches-for-server-OS-monitoring/m-p/381926#M6343 <P>I'd like to implement some basic searches for server and OS monitoring without getting caught up in the differences between sourcetypes and field names.</P> <P>I already implemented the <A href="https://splunkbase.splunk.com/app/742/">Splunk Add-on for Microsoft Windows </A>and the <A href="https://splunkbase.splunk.com/app/833/">Splunk Add-on Unix and Linux</A> but I find that enumerating each sourcetype and coalescing the common fields is feeling unnecessarily complicated.</P> <P>Are there any basic searches that provide server and OS monitoring without me having to deal with the complexities of the sourcetype differences? Something akin to the <A href="https://docs.splunk.com/Documentation/CIM/latest/User/Performance">Performance Model</A> of the <A href="https://docs.splunk.com/Documentation/CIM/latest/User">Common Information Model</A>, perhaps?</P> Wed, 13 Feb 2019 18:07:28 GMT https://community.splunk.com/t5/Monitoring-Splunk/What-are-the-best-practice-searches-for-server-OS-monitoring/m-p/381926#M6343 sloshburch 2019-02-13T18:07:28Z https://community.splunk.com/t5/Monitoring-Splunk/What-are-the-best-practice-searches-for-server-OS-monitoring/m-p/381927#M6344 <P>The answer for this question has been distributed to the following posts:</P> <UL> <LI><A href="https://answers.splunk.com/answers/797319">Example of how to measure server disk usage?</A></LI> <LI><A href="https://answers.splunk.com/answers/797322">Example of how to measure server memory usage by host?</A></LI> <LI><A href="https://answers.splunk.com/answers/797324">Example of how to measure server network usage?</A></LI> <LI><A href="https://answers.splunk.com/answers/797317/example-of-how-to-measure-server-cpu-usage.html">Example of how to measure server CPU usage?</A></LI> </UL> Wed, 13 Feb 2019 18:08:03 GMT https://community.splunk.com/t5/Monitoring-Splunk/What-are-the-best-practice-searches-for-server-OS-monitoring/m-p/381927#M6344 sloshburch 2019-02-13T18:08:03Z https://community.splunk.com/t5/Monitoring-Splunk/What-are-the-best-practice-searches-for-server-OS-monitoring/m-p/381928#M6345 <P>Added a section about Alerts and incoming link <A href="https://answers.splunk.com/answers/770200/what-are-the-best-event-data-inputs-for-basic-serv.html">What are the best event-data inputs for basic server and os monitoring?</A>.</P> Wed, 04 Sep 2019 16:48:29 GMT https://community.splunk.com/t5/Monitoring-Splunk/What-are-the-best-practice-searches-for-server-OS-monitoring/m-p/381928#M6345 sloshburch 2019-09-04T16:48:29Z https://community.splunk.com/t5/Monitoring-Splunk/What-are-the-best-practice-searches-for-server-OS-monitoring/m-p/381929#M6346 <P>Does the existence of the <A href="https://splunkbase.splunk.com/app/3975/">Splunk App for Infrastructure</A> change any of your recommendations?</P> Wed, 04 Sep 2019 23:29:27 GMT https://community.splunk.com/t5/Monitoring-Splunk/What-are-the-best-practice-searches-for-server-OS-monitoring/m-p/381929#M6346 gjanders 2019-09-04T23:29:27Z https://community.splunk.com/t5/Monitoring-Splunk/What-are-the-best-practice-searches-for-server-OS-monitoring/m-p/381930#M6347 <P>@gjanders - You're spot on. That's the intent of the "Future" section here. We'll eventually update this for the metrics and <A href="https://splunkbase.splunk.com/app/3975">Splunk App for Infrastructure</A> which is quickly becoming a game changer in this domain.</P> Thu, 05 Sep 2019 21:03:46 GMT https://community.splunk.com/t5/Monitoring-Splunk/What-are-the-best-practice-searches-for-server-OS-monitoring/m-p/381930#M6347 sloshburch 2019-09-05T21:03:46Z https://community.splunk.com/t5/Monitoring-Splunk/What-are-the-best-practice-searches-for-server-OS-monitoring/m-p/381931#M6348 <P>Updated "Storage Free" search to display by different mount/disks.</P> Wed, 13 Nov 2019 19:59:28 GMT https://community.splunk.com/t5/Monitoring-Splunk/What-are-the-best-practice-searches-for-server-OS-monitoring/m-p/381931#M6348 sloshburch 2019-11-13T19:59:28Z https://community.splunk.com/t5/Monitoring-Splunk/What-are-the-best-practice-searches-for-server-OS-monitoring/m-p/381932#M6349 <P>Replaced the answer with its new homes.</P> Wed, 29 Jan 2020 19:58:07 GMT https://community.splunk.com/t5/Monitoring-Splunk/What-are-the-best-practice-searches-for-server-OS-monitoring/m-p/381932#M6349 sloshburch 2020-01-29T19:58:07Z