Hello everyone,
I am posting this question because I didn't find any solution:
I have a trial version of Splunk Enterprise, and I already added forwarders on the servers I want to monitor.
I am trying to install the Splunk Add-on for Unix and Linux on these forwarders to be able to monitor their CPU, RAM and disk usage.
The problem is that these machines are under Ubuntu 20.04 without a graphical interface, and no option is available to download the .tgz file of this add-on directly via a command line, so I am unable to download this file on my forwarders.
Any ideas?
PS: If no link/command is available to do so, is there another way to import the RAM, CPU and disk data from these forwarders?
Thank you in advance !
Hi @israbenbr,
you have two choices to deploy your TA:
For a test you could also use the first method, which is easier, but I suggest trying the second one because it's the usual way in Splunk when you have many clients to deploy.
Ciao.
Giuseppe
Hello,
Thank you for your answer, but that is not the problem.
My problem is that I am not even able to download the TA on my forwarders, because the only option to do it is to connect to the Splunk portal via a web interface, and my forwarders are all under Ubuntu without a graphical interface.
So I cannot open a browser, because the only operations I can do are via command lines.
Hi @israbenbr,
if you can connect via SSH, you can follow the second method because the download to the client is managed by the Deployment Server.
Ciao.
Giuseppe
Hey,
I am coming back because I have a problem:
After configuring the forwarder to be a deployment client, this one doesn't show up in the deployment management on the server.
I tried with another forwarder, same problem.
I tried everything: restarting Splunk on both the server and the client, but nothing works.
Any ideas?
Thank you
Hi @israbenbr,
first, did you check that the route between the clients and the server is open?
You can check this using:
telnet ip_server_splunk 8089
telnet ip_server_splunk 9997
Before the second check you have to enable receiving on the Splunk server [Settings -- Forwarding and Receiving -- Receiving] on one port (default 9997).
Then you have to address the client to send logs to the server; you can do this following the documentation at https://docs.splunk.com/Documentation/Forwarder/8.2.3/Forwarder/Configuretheuniversalforwarder
In a few words, you have to run on the client in the CLI:
./splunk add forward-server <host name or ip address>:<listening port>
In this way you create a file $SPLUNK_HOME/etc/system/local/outputs.conf that contains the address of the server to send logs to.
In the same location, you'll have the file deploymentclient.conf, containing the address of the Deployment Server, in your test case, the same.
Ciao.
Giuseppe
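The checks described in the reply above, as an added example that is not part of the original thread: a script for the forwarder that reads the targets from outputs.conf and deploymentclient.conf and tests whether each one accepts a TCP connection. It assumes bash and coreutils `timeout` are installed and that both files live in $SPLUNK_HOME/etc/system/local as the reply states; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: forwarder-side check of the configured Splunk targets.

# conf_value FILE STANZA_PREFIX KEY
# Print KEY's first value found in a stanza whose header starts with "[STANZA_PREFIX".
conf_value() {
    awk -v want="$2" -v key="$3" '
        /^\[/      { in_stanza = (index($0, "[" want) == 1); next }
        /^[ \t]*#/ { next }
        in_stanza {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# port_open HOST PORT: succeeds if a TCP connection is accepted within 3 seconds.
port_open() {
    timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# check_forwarder SPLUNK_HOME: returns non-zero if a target is missing or unreachable.
check_forwarder() {
    conf_dir="$1/etc/system/local"
    rc=0
    ds=$(conf_value "$conf_dir/deploymentclient.conf" "target-broker:" targetUri 2>/dev/null)
    idx=$(conf_value "$conf_dir/outputs.conf" "tcpout:" server 2>/dev/null)
    [ -n "$ds" ]  || { echo "no targetUri in deploymentclient.conf"; rc=1; }
    [ -n "$idx" ] || { echo "no server in outputs.conf"; rc=1; }
    # "server" may hold a comma-separated list of receivers.
    for target in $ds $(echo "$idx" | tr ',' ' '); do
        host=${target%:*}; port=${target##*:}
        if port_open "$host" "$port"; then
            echo "open    $target"
        else
            echo "BLOCKED $target"; rc=1
        fi
    done
    return $rc
}

# Usage: sh check_forwarder.sh /opt/splunkforwarder
if [ "$#" -gt 0 ]; then check_forwarder "$1"; fi
```

A BLOCKED line for the management port (8089 by default) matches the symptom of a deployment client that never appears on the server.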
Hi @israbenbr,
OK, good for you, see you next time!
Ciao and happy splunking.
Giuseppe
P.S.: Karma Points are appreciated 😉
Hi again,
Thank you very much, the problem was that the ports were not opened.
Thank you!