All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk App and Add-on for Unix and Linux: Why are all servers showing "unknown" for vmstat.sh?

dperry
Communicator
‎04-20-2016 10:03 AM

I must be missing something here......I have several AIX 6.1 & RHEL 5/6 servers installed with the Add on Splunk_TA.

On the Splunk App for Unix, all of the servers do not show the output for the command vmstat.sh, instead it says unknown - is vmstat.sh enabled?

I look at the Add-on configuration and it's enabled.
When I go to the location: /opt/splunkforwarder/etc/apps/Splunk_TA_nix/bin vmstat.sh I can run it as root, but when I run it as Splunk, nothing comes up. The permission for all the other commands are the same and they do work: cpu.sh, df.sh,ps.sh annd so on.

Any thing I can look at to see if the vmstat.sh command is not configured right?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

dperry
Communicator
‎04-20-2016 03:09 PM

After further investigation I figured it out. Permissions, Permissions, Permissions. Although there were no indication from the Splunkd logs that the command vmstat.sh was failing I opened the Splunk_TA_nix/bin/vmstat.sh in VI:

elif [ "x$KERNEL" = "xAIX" ] ; then
set -x
assertHaveCommand uptime
assertHaveCommand ps
assertHaveCommand vmstat
assertHaveCommandGivenPath /usr/sbin/swap
assertHaveCommandGivenPath /usr/bin/svmon
CMD='eval uptime ; ps -e | wc -l ; ps -em | wc -l ; /usr/sbin/swap -s ; vmstat 1 1 ; vmstat -s ; svmon'

I placed a set -x to see what the script was doing and it was stopping at least two commands...The Splunk user account did not have the correct permissions to run these. I added Splunk in the system group and it started to collect the data.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

andygerber
Path Finder
‎03-21-2018 09:01 AM

On 16.06 Ubuntu for example, sysstat is not installed by default, which is required for vmstat.sh and cpu.sh to work. Do an apt-get install sysstat and things will work much better.

0 Karma
Reply
Solved! Jump to solution
Solution

dperry
Communicator
‎04-20-2016 03:09 PM

After further investigation I figured it out. Permissions, Permissions, Permissions. Although there were no indication from the Splunkd logs that the command vmstat.sh was failing I opened the Splunk_TA_nix/bin/vmstat.sh in VI:

elif [ "x$KERNEL" = "xAIX" ] ; then
set -x
assertHaveCommand uptime
assertHaveCommand ps
assertHaveCommand vmstat
assertHaveCommandGivenPath /usr/sbin/swap
assertHaveCommandGivenPath /usr/bin/svmon
CMD='eval uptime ; ps -e | wc -l ; ps -em | wc -l ; /usr/sbin/swap -s ; vmstat 1 1 ; vmstat -s ; svmon'

I placed a set -x to see what the script was doing and it was stopping at least two commands...The Splunk user account did not have the correct permissions to run these. I added Splunk in the system group and it started to collect the data.

0 Karma
Reply
Solved! Jump to solution

divyavikas123
Explorer
‎06-12-2017 02:51 AM

I placed set -x in vmstat , its showing only cpu,memory and disk but its not showing RAM value,please tell me if I need to modify any more things.

0 Karma
Reply
Get Updates on the Splunk Community!

What’s New in Splunk Cloud Platform 9.1.2308?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2308! Analysts can ...

Index This | Why do they call it hyper text?

November 2023 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

State of Splunk Careers 2023: Career Resilience and the Continued Value of Splunk

For the past three years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...