All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How do you get network utilisation statistics on Solaris?

lquinn
Contributor
‎07-20-2017 09:20 PM

I have deployed Splunk_TA_Nix to several Solaris 11 servers, however the bandwidth.sh script is failing since there is no -n flag for the sar command on these servers.

I have tried several other commands, dlstat, netstat etc, but have not yet found a solution.

Has anyone managed to edit this script to work successfully on Solaris 11?

Thanks. Script below: 

. `dirname $0`/common.sh

HEADER='Name    rxPackets_PS txPackets_PS rxKB_PS txKB_PS'
HEADERIZE="BEGIN {print \"$HEADER\"}"
PRINTF='{printf "%s    %s  %s  %s  %s\n", Name, rxPackets_PS, txPackets_PS, rxKB_PS, txKB_PS}'

# Note: For FreeBSD, bsdsar package needs to be installed. Output matches linux equivalent
if [ "x$KERNEL" = "xLinux" ] ; then
    CMD='sar -n DEV 1 2'
    FILTER='($0 !~ "Average" || $0 ~ "sar" || $2 ~ "lo|IFACE") {next}'
    FORMAT='{Name=$2; rxPackets_PS=$3; txPackets_PS=$4; rxKB_PS=$5; txKB_PS=$6}'
elif [ "x$KERNEL" = "xSunOS" ] ; then
    CMD='sar -n DEV 1 2'
    FILTER='($0 ~ "Time|sar| lo") {next}'
    FORMAT='{Name=$2; rxPackets_PS=$5; txPackets_PS=$6; rxKB_PS=$3; txKB_PS=$4}'
elif [ "x$KERNEL" = "xAIX" ] ; then
    # Sample output: http://www-01.ibm.com/support/knowledgecenter/ssw_aix_61/com.ibm.aix.performance/nestat_in.htm
    CMD='netstat -i -Z; netstat -in'
    FILTER='($0 ~ "Name|sar| lo") {next}'
    FORMAT='{Name=$1; rxPackets_PS=$5; txPackets_PS=$7; rxKB_PS=?; txKB_PS=?}'
elif [ "x$KERNEL" = "xDarwin" ] ; then
    CMD='sar -n DEV 1 2'
    FILTER='($0 !~ "Average" || $0 ~ "sar" || $2~/lo[0-9]|IFACE/) {next}'
    FORMAT='{Name=$2; rxPackets_PS=$3; txPackets_PS=$5; rxKB_PS=$4/1024; txKB_PS=$6/1024}'
elif [ "x$KERNEL" = "xHP-UX" ] ; then
    # Sample output: http://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c02263324
    CMD='netstat -i 1 2'
    FILTER='($0 ~ "Name|sar| lo") {next}'
    FORMAT='{Name=$1; rxPackets_PS=$5; txPackets_PS=$7; rxKB_PS=?; txKB_PS=?}'
elif [ "x$KERNEL" = "xFreeBSD" ] ; then
    CMD='sar -n DEV 1 2'
    FILTER='($0 !~ "Average" || $0 ~ "sar" || $2 ~ "lo|IFACE") {next}'
    FORMAT='{Name=$2; rxPackets_PS=$3; txPackets_PS=$4; rxKB_PS=$5; txKB_PS=$6}'
fi

assertHaveCommand $CMD
$CMD | tee $TEE_DEST | $AWK "$HEADERIZE $FILTER $FORMAT $PRINTF"  header="$HEADER"
echo "Cmd = [$CMD];  | $AWK '$HEADERIZE $FILTER $FORMAT $PRINTF' header=\"$HEADER\"" >> $TEE_DEST
Tags (2)
0 Karma
Reply

mattymo
Splunk Employee
Splunk Employee
‎07-22-2017 05:23 AM

I recommend taking a look at the nmon app. It uses sarmon to collect. Might provide some ideas, or simply a better route.

https://splunkbase.splunk.com/app/1753/

- MattyMo
Reply

merlyn9
Engager
‎12-14-2017 10:15 AM

Has anyone opened/filed a ticket against this???
nmon app may be nice, but it brings too many dependencies along with it.

thanks;

               ---mts
0 Karma
Reply

mattymo
Splunk Employee
Splunk Employee
‎12-14-2017 11:05 AM

Not sure I agree on the dependancies being an issue, but I mean, you could just use sarmon I guess??

From the Docs: http://docs.splunk.com/Documentation/UnixAddOn/5.2.4/User/Platformandhardwarerequirements

Official support
The Splunk Add-on for Unix and Linux supports most versions of *nix that appear in the Unix operating systems section of the Splunk Enterprise Installation Manual. Here is the list of the exceptions: Solaris 10, Solaris 11 and RHEL 7.

Obviously opening an enhancement request is an option, but I know there are faster ways to resolve this for yourself.

Ran into a similar issue with HP-UX, just needed to determine the right command to get the info you are looking for then edit the scripted input.

Have we even found the right solaris command to give you what you are looking for??

- MattyMo
0 Karma
Reply

merlyn9
Engager
‎12-14-2017 12:31 PM

Justifying building and deploying sarmon across almost 700+ Prod/Dev/Test Solaris (10 & 11) Server Instances just to get a specific feature of Splunk to function better (After having just migrated to Splunk from a different tool) would be a Hard sell especially since the Same Functionality works as-expected on Linux.

However that's Not All I'm discovering. Currently putting together a matrix.
PM me off-thread if interested.

thanks;

   ---mts
0 Karma
Reply

mattymo
Splunk Employee
Splunk Employee
‎12-14-2017 01:01 PM

The docs highlight the OS is not supported, so looks like some disconnect in expectations. (unless im parsing that wrong??)

Again, how do you output the info you need on solaris today?

Once you have the proper command, updating the input is trivial.

thats one of the powers of Splunk...the customization options are endless and thus don't have you waiting on someone else to implement something specific to your enviro.

If you can isloate the command that gives the output needed, im sure we can find a solution that works.

- MattyMo
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 2)

Welcome to the "Splunk Classroom Chronicles" series, created to help curious, career-minded learners get ...

Index This | I am a number but I am countless. What am I?

January 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  Happy New Year! We’re ...

What’s New in Splunk Enterprise 9.4: Tools for Digital Resilience

PLATFORM TECH TALKS What’s New in Splunk Enterprise 9.4: Tools for Digital Resilience Thursday, February 27, ...