All Apps and Add-ons

Is there an alternative to monitoring Splunk CPU and Memory Utilization other than S.o.S, Deployment Monitor, or Splunk App for *nix?



I have a requirement to monitor CPU Utilization % and Memory usage for all the hosts where Splunk is running. I have used
1) SOS
2) Deployment Monitor
3) Splunk-TA-nix

But all these are apps are quite heavy with respect to license and CPU they themselves consume. The "top" command is considered to be very CPU-intensive.

Is there an alternative solution?


Splunk Employee
Splunk Employee

If the vast majority of your deployment is running on Splunk Enterprise 6.1 or later, I would recommend to use the Distributed Management Console to achieve this goal.

This is a new feature of Splunk Enterprise 6.2 which allows you to monitor your Splunk deployment from a central location. It includes several views specifically centered on resource usage and leverages platform instrumentation (a built-in feature of Splunk Enterprise 6.1) to gather process-level information and metrics.


Okay, will give this a try.
Can I monitor resource usage of my heavy forwarders too from my search head using this app?

0 Karma


Yes you can, though at the current (6.2) version there the DMC has no such role as Heavy Forwarder,
the closest one it has predefined is Indexer - as the HF actually cooks the data.

0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.