All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

SoS: can't see information in the resource usage view

krussell101
Path Finder
‎07-07-2012 08:48 AM

Installed SOS yesterday. Installed Sideview Utils after I installed SoS.

In SoS everthing appears to be working except for the two dropdowns under "Resource Usage" and "Crash Log Viewer" under "Warnings and Errors". The latter I would expect some results because I had a crash two weeks ago.

Is there something I've missed in the install of SoS? I did it all from the web interface.

Advice appreciated.

Thanks!

Reply
1 Solution
Solved! Jump to solution
Solution

hexx
Splunk Employee
Splunk Employee
‎07-14-2012 12:05 AM

Regarding the lack of information in the "Splunk CPU/Memory Usage" view, it seems likely that you haven't enabled the ps_sos.sh scripted input. Read more about how to configure SoS to monitor the resource usage of your Splunk instance in this Splunk Answer.

Regarding the crash log, it's harder to say. Can you check if there is a crash log file in $SPLUNK_HOME/var/log/splunk? If yes, the next step would be to check if it's been indexed to the _internal index by searching for it in the following fashion:

index=_internal source=*crash*.log

Does that return any events?

View solution in original post

Reply
Solved! Jump to solution
Solution

hexx
Splunk Employee
Splunk Employee
‎07-14-2012 12:05 AM

Regarding the lack of information in the "Splunk CPU/Memory Usage" view, it seems likely that you haven't enabled the ps_sos.sh scripted input. Read more about how to configure SoS to monitor the resource usage of your Splunk instance in this Splunk Answer.

Regarding the crash log, it's harder to say. Can you check if there is a crash log file in $SPLUNK_HOME/var/log/splunk? If yes, the next step would be to check if it's been indexed to the _internal index by searching for it in the following fashion:

index=_internal source=*crash*.log

Does that return any events?

Reply
Solved! Jump to solution

hexx
Splunk Employee
Splunk Employee
‎07-16-2012 09:16 AM

Since you mentioned that you experienced a crash log two weeks ago, I would have expected a crash log there. But if there isn't one, that certainly explains why SOS' crash log viewer isn't showing anything.

Reply
Solved! Jump to solution

krussell101
Path Finder
‎07-16-2012 09:00 AM

Beauty! That did it. I enabled ps_sos.sh and it's all good. Thank YOU.

I do not have a crash.log in that directory. Should I?

Reply
Solved! Jump to solution

rroberts
Splunk Employee
Splunk Employee
‎07-09-2012 07:18 AM

I found this thread useful for troubleshooting:

http://splunk-base.splunk.com//answers/38452/the-lookup-table-splunk_instances_info-is-invalid-sos

Reply
Solved! Jump to solution

krussell101
Path Finder
‎07-09-2012 01:50 PM

I appreciate the link. I had not seen that. I am running 4.3.2. Which is not listed in that link as having a bug. Time allowing however, I may try the fixes they suggest.

Thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

For the past four years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...

Data-Driven Success: Splunk & Financial Services

Splunk streamlines the process of extracting insights from large volumes of data. In this fast-paced world, ...