All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I set up the S.o.S app to monitor Splunk's system resource consumption?

hexx
Splunk Employee
Splunk Employee
‎01-20-2012 06:14 PM

I would like to set up the Splunk on Splunk app to monitor the resource usage (CPU and memory) of Splunk on my search-head and on my search peers.

How would I go about doing that?

Reply
1 Solution
Solved! Jump to solution
Solution

hexx
Splunk Employee
Splunk Employee
‎01-20-2012 06:34 PM

As of Splunk on Splunk 2.0, SoS ships with the ps_sos.sh scripted input which once enabled, allows you to track the CPU and memory usage of the main Splunk components :

  • Splunkweb, the cherrypy-based web front-end.
  • splunkd, the back-end daemon which manages the indexing of data.
  • The searches fired by splunkd to retrieve events and build reports.

Note: Currently, this scripted input only exists on Linux and Unix. A similar functionality for Windows will be added in a future SoS release.

Also: You do not need to install the SoS technology add-on on an instance where SoS is already installed.

The ps_sos.sh data input ships both with the SoS app and with the SoS technology add-on for Unix and Linux.

1) On a search-head or stand-alone indexer:

  • Install the SoS app.
  • Enable the ps_sos.sh scripted input by one of the following methods:

a) Go to Manager > Data Inputs > Scripts. Enable the ps_sos.sh data input.

or

b) Run the following command from a terminal window:

$SPLUNK_HOME/bin/splunk _internal call '/servicesNS/nobody/sos/data/inputs/script/.%252Fbin%252Fps_sos.sh' -post:disabled 0

2) On search peers:

a) If Splunkweb is running, go to Manager > Data Inputs > Scripts. Enable the ps_sos.sh data input.

or

b) Run the following command from a terminal window:

$SPLUNK_HOME/bin/splunk _internal call '/servicesNS/nobody/TA-sos/data/inputs/script/.%252Fbin%252Fps_sos.sh' -post:disabled 0

Going forward, you will be able to track the CPU and memory usage of Splunk in the "Splunk CPU/Memory Usage" SoS view. Per-search memory usage for the biggest memory-consuming searches can be consulterd in the "Distributed Searches Memory Usage" view.

For further information on deployment best practices for SoS, please refer to this Splunk Answer.

View solution in original post

Reply
Solved! Jump to solution
Solution

hexx
Splunk Employee
Splunk Employee
‎01-20-2012 06:34 PM

As of Splunk on Splunk 2.0, SoS ships with the ps_sos.sh scripted input which once enabled, allows you to track the CPU and memory usage of the main Splunk components :

  • Splunkweb, the cherrypy-based web front-end.
  • splunkd, the back-end daemon which manages the indexing of data.
  • The searches fired by splunkd to retrieve events and build reports.

Note: Currently, this scripted input only exists on Linux and Unix. A similar functionality for Windows will be added in a future SoS release.

Also: You do not need to install the SoS technology add-on on an instance where SoS is already installed.

The ps_sos.sh data input ships both with the SoS app and with the SoS technology add-on for Unix and Linux.

1) On a search-head or stand-alone indexer:

  • Install the SoS app.
  • Enable the ps_sos.sh scripted input by one of the following methods:

a) Go to Manager > Data Inputs > Scripts. Enable the ps_sos.sh data input.

or

b) Run the following command from a terminal window:

$SPLUNK_HOME/bin/splunk _internal call '/servicesNS/nobody/sos/data/inputs/script/.%252Fbin%252Fps_sos.sh' -post:disabled 0

2) On search peers:

a) If Splunkweb is running, go to Manager > Data Inputs > Scripts. Enable the ps_sos.sh data input.

or

b) Run the following command from a terminal window:

$SPLUNK_HOME/bin/splunk _internal call '/servicesNS/nobody/TA-sos/data/inputs/script/.%252Fbin%252Fps_sos.sh' -post:disabled 0

Going forward, you will be able to track the CPU and memory usage of Splunk in the "Splunk CPU/Memory Usage" SoS view. Per-search memory usage for the biggest memory-consuming searches can be consulterd in the "Distributed Searches Memory Usage" view.

For further information on deployment best practices for SoS, please refer to this Splunk Answer.

Reply
Solved! Jump to solution

hexx
Splunk Employee
Splunk Employee
‎11-01-2012 10:26 PM

Yes, except that you should install the S.o.S technology add-on for Windows on your search peers and the script to be enabled is ps_sos.ps1.

0 Karma
Reply
Solved! Jump to solution

Rob
Splunk Employee
Splunk Employee
‎11-01-2012 03:08 PM

Are the instructions for monitoring the resource usage for Windows the same?

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...