All Apps and Add-ons

How to collect CPU and Memory logs from a Unix forwarder?

srisahitya_v
Communicator

How can I collect CPU and Memory usage logs from unix forwarder?

I have Unix indexer and Unix forwarder. Both have connection. NMON and nix **apps* for Unix are not satisfying my problem.
So I want to create a dashboard to analyze CPU utilization and memory consumption of these two Unix boxes.

thanks in advance.

0 Karma
1 Solution

koshyk
Super Champion

Use "Splunk_TA_nix" app. It won't be collecting from file, but rather as scripted input.
- create a local directory within this app and create inputs.conf
- Open a copy of defaults/inputs.conf and check which all items you want to extract
- Then copy exact same paragraph into "local/inputs.conf" and put an entry disabled = 0

#Within Splunk_TA_nix/local/inputs.conf
[script://./bin/vmstat.sh]
disabled = 0
[script://./bin/top.sh]
disabled = 0

and so on...

View solution in original post

0 Karma

koshyk
Super Champion

Use "Splunk_TA_nix" app. It won't be collecting from file, but rather as scripted input.
- create a local directory within this app and create inputs.conf
- Open a copy of defaults/inputs.conf and check which all items you want to extract
- Then copy exact same paragraph into "local/inputs.conf" and put an entry disabled = 0

#Within Splunk_TA_nix/local/inputs.conf
[script://./bin/vmstat.sh]
disabled = 0
[script://./bin/top.sh]
disabled = 0

and so on...

View solution in original post

0 Karma

mendesjo
Explorer

Which app? Is this an add on for the normal agent?

0 Karma

richgalloway
SplunkTrust
SplunkTrust

The Splunk App for Unix will do that.

---
If this reply helps you, an upvote would be appreciated.
0 Karma

srisahitya_v
Communicator

I used NMON and *nix but i didn't get results. do you know where (in which path) these logs are stay.

0 Karma

guilmxm
SplunkTrust
SplunkTrust
0 Karma

richgalloway
SplunkTrust
SplunkTrust

NMON does not collect CPU or Memory data.
The *nix app runs scripts on the Linux boxes to collect performance data and forward it to Splunk. You must first enable the desired scripts from the app's UI. The data is stored only in Splunk indexers, not on the monitored systems.

---
If this reply helps you, an upvote would be appreciated.
0 Karma

guilmxm
SplunkTrust
SplunkTrust

@ruchgalloway
This is totally wrong, Nmon Perf app collects much more perf metric *nix App will ever do, including CPU and Memory

Data is generated on UF and indexed within Splunk, the Nmon app provides various interfaces to analyse perf of systems. You should give a try -:)

0 Karma

richgalloway
SplunkTrust
SplunkTrust

I thought the OP was referring to the Linux nmon program, which scans networks for open ports.

---
If this reply helps you, an upvote would be appreciated.
0 Karma

guilmxm
SplunkTrust
SplunkTrust

No problem 😉

I guess you mean "nmap"

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Yes, that is what I was thinking of.

---
If this reply helps you, an upvote would be appreciated.
0 Karma
Take the 2021 Splunk Career Survey

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!