All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk add-on for unix and linux: nfsiostat support for Rocky9?

JykkeDaMan
Path Finder
‎10-09-2023 10:04 AM

App: https://splunkbase.splunk.com/app/833

It looks like the nfsiostat.sh script is not compatible with the RHEL9. I'm testing with Rocky9.2 and the nfsiostat command output is already different to 7.9.

EDIT: It seems to support RHEL9 explicitly (without the new columns), but NOT Rocky9.

Example from 7.9:

 

 

 

# nfsiostat

server:/mnt/yumrepo mounted on /repos/pkg.repo.d:

   op/s		rpc bklog
  33.88 	   0.00
read:             ops/s		   kB/s		  kB/op		retrans		avg RTT (ms)	avg exe (ms)
		  1.382 	 43.682 	 31.613     3357 (0.0%) 	  0.612 	  1.551
write:            ops/s		   kB/s		  kB/op		retrans		avg RTT (ms)	avg exe (ms)
		  4.595 	138.038 	 30.041     1041 (0.0%) 	  1.659 	 11.039

 

 

 

Example from Rocky9.2:

- First op/s => ops/s
- 2 new metrics: "avg queue (ms)" and "errors"

 

 

 

server:/mnt/yumrepo mounted on /repos/pkg.repo.d:

           ops/s       rpc bklog
           0.453           0.000

read:              ops/s            kB/s           kB/op         retrans    avg RTT (ms)    avg exe (ms)  avg queue (ms)          errors
                   0.000           0.001           1.356        0 (0.0%)           0.096           0.108           0.006        0 (0.0%)
write:             ops/s            kB/s           kB/op         retrans    avg RTT (ms)    avg exe (ms)  avg queue (ms)          errors
                   0.001           0.035          25.519        0 (0.0%)           0.562           0.600           0.027        0 (0.0%)

 

 

 

 nfsiostat.sh script cannot parse the new format and currently I get something like this:

 

 

 

# /usr/ipbx/splunkforwarder/etc/apps/Splunk_TA_nix/bin/nfsiostat.sh
Mount                                                     Path                  r_op/s  w_op/s  r_KB/s   w_KB/s  rpc_backlog  r_avg_RTT  w_avg_RTT  r_avg_exe  w_avg_exe
server:/mnt/yumrepo  /repos/pkg.repo.d  read:   write:  ops/s    ops/s   0.000        avg        avg        RTT        RTT
0.000                                                     0.001                 rpc     0.096   0.108
0.001                                                     0.453                 read:   0.000   ops/s    avg     RTT
write:                                                    kB/o                  ops/s   rpc     mounted

 

 

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

JykkeDaMan
Path Finder
‎10-09-2023 11:17 AM

Yes, I will create a support request also. 

A quick and dirty workaround to get at least the same old columns from Rocky9 I can use field ID_LIKE from /etc/os-release:

 

 if [ -e $OS_FILE ] && ( ( (awk -F'=' '/ID_LIKE=/ {print $2}' $OS_FILE | grep -q rhel) ...

 

View solution in original post

Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎10-09-2023 11:07 AM

That is a Splunk-supported add-on so you can submit a support request (if you have entitlement) for RHEL9 support.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution
Solution

JykkeDaMan
Path Finder
‎10-09-2023 11:17 AM

Yes, I will create a support request also. 

A quick and dirty workaround to get at least the same old columns from Rocky9 I can use field ID_LIKE from /etc/os-release:

 

 if [ -e $OS_FILE ] && ( ( (awk -F'=' '/ID_LIKE=/ {print $2}' $OS_FILE | grep -q rhel) ...

 

Reply
Get Updates on the Splunk Community!

Thanks for the Memories! Splunk University, .conf24, and Community Connections

Thank you to everyone in the Splunk Community who joined us for .conf24 – starting with Splunk University and ...

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...