I am trying to get the Splunk App for Unix and Linux to show memory information and it does not show anything. I have verified that vmstats is running and sending information. I can search on
sourcetype=vmstat and receive info for the servers.
Any help would be appreciated on how to rectify this issue.
We had the same problem, in the sourcetype vmstats were data. In the sourcetype cpu or df were no data. Verify that the os sysstat package is installed. After that we had data in both sourcetypes.
sysstat is installed on the systems. the issue isn't that we are not receiving information for those sourcetypes. we get them when we search for them, we just don't get them in the app for unix/linux even though the sourcetypes are configured in the app.
my bad for the quick read of the issue.
if you go into the Splunk for *nix app, and go to settings >> your data >> Memory data
are you set to sourcetype=vmstat?
If so, when you hit the preview button, do any events return?
Perhaps try hitting save on that page again?
Also, can you advise where in the app you are looking? Both on the home page and on the hosts page? What do you see for the hosts page when in table view?
sourcetype=vmstat and doing a preview I do get the vmstat data.
I am looking at it both from the home page, metrics page, and hosts page. It shows nothing. The hosts page says both memory and disk is unknown and asks if they are enabled, which they are.