All Apps and Add-ons
Highlighted

Index iostat data using nix

New Member

Hi,

We collect sar/iostat data on our servers which are written to files. I would like to view the data collected in splunk using nix. At the moment we rsync the files from our production system to our internal systems for monitoring. I would like to have our internal splunk system index this data and view it using nix. Is this possible given our current configuration.

Thanks

0 Karma
Highlighted

Re: Index iostat data using nix

Splunk Employee
Splunk Employee

Sure, you will just need to have Splunk index the sar/iostat output files with the same sourcetype as the unix app is expecting (e.g. sourcetype=sar, sourcetype=iostat). You will also need to ensure that field extractions are consistent between the default unix extractions and your data.

View solution in original post

0 Karma