All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to fix CPU=all Unix field not being retrieved?

igor04653
Loves-to-Learn Everything
‎08-05-2022 03:05 AM

No CPU.pngCPU.png

Hello Community.
Can you please tell me how to fix this, I don't understand why this is happening. I have explored various topics but have not been able to find a solution.
I have an application which is configured by Splunk_TA_nix on remote servers.
But not all servers are getting the CPU=all field
I first encountered this when a team with their dashboard contacted me. They had 2 lonely servers. On one of them the CPU field was extracted and the dashboard worked. On the other one it didn't work anymore.
I have set up a new server to forward the logs. But there was no CPU field on that one either.
I even installed the sysstat utility. But I can't figure it out yet. Thus I am asking for help. Regards to everyone

Labels (1)
Labels
Tags (1)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-05-2022 07:13 AM

Hi @igor04653,

in addition to the question of @richgalloway, could you check if the version of installed Splunk_TA_nix is the same of the other servers?

Ciao.

Giuseppe

0 Karma
Reply

igor04653
Loves-to-Learn Everything
‎08-07-2022 10:09 PM

Thank you for responding to my question. I checked the Splunk_TA_nix version. On the working server and on the new one where it doesn't work - they are the same.
In the inputs.conf settings the same parameters are included.
But I noticed a difference in the versions of the Universal Forwarder agent
On the working server, version 7.3.3 is used
I installed 8.2.6
There is also a difference in operating system versions.
The working one uses Oracle Linux. And I do the setup on Ubuntu server 20.04.

 
Tags (1)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-07-2022 10:45 PM

Hi @igor04653,

after UF upgrade is the problem still present?

The operative system version shouldn't be so relevant, to be sure, try to manually run scripts in that UF.

Ciao.

Giuseppe

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎08-05-2022 05:05 AM

Is the TA installed on all servers and is the cpu_metric.sh input enabled on them all?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

igor04653
Loves-to-Learn Everything
‎08-07-2022 10:11 PM

Thank you for responding to my question. I checked the parameters of the inputs.conf file
They are configured like this on both servers

# Shows stats per CPU (useful for SMP machines)
[script://./bin/cpu.sh]
sourcecetype = cpu
source = cpu
interval = 300
index = os
disabled = 0

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI! Discover how Splunk’s agentic AI ...

[Puzzles] Solve, Learn, Repeat: Dereferencing XML to Fixed-length events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...