Is there an alternative to monitoring Splunk CPU and Memory Utilization other than S.o.S, Deployment Monitor, or Splunk App for *nix?



I have a requirement to monitor CPU Utilization % and Memory usage for all the hosts where Splunk is running. I have used
1) SOS
2) Deployment Monitor
3) Splunk-TA-nix

But all these are apps are quite heavy with respect to license and CPU they themselves consume. The "top" command is considered to be very CPU-intensive.

Is there an alternative solution?


Splunk Employee
Splunk Employee

If the vast majority of your deployment is running on Splunk Enterprise 6.1 or later, I would recommend to use the Distributed Management Console to achieve this goal.

This is a new feature of Splunk Enterprise 6.2 which allows you to monitor your Splunk deployment from a central location. It includes several views specifically centered on resource usage and leverages platform instrumentation (a built-in feature of Splunk Enterprise 6.1) to gather process-level information and metrics.


Okay, will give this a try.
Can I monitor resource usage of my heavy forwarders too from my search head using this app?

Yes you can, though at the current (6.2) version there the DMC has no such role as Heavy Forwarder,
the closest one it has predefined is Indexer - as the HF actually cooks the data.

