All Apps and Add-ons

Splunk for VMware Forwarder Appliance and *nix app

colinj
Path Finder

Howdy all,

I've got the Forwarder Appliance for Splunk for VMware up and running and I was hoping to monitor its behavior via Splunk. Since it is basically a Linux (CentOS) vm I have enabled the *nix app on it which seems to be working, for the most part. However there seem to be some data that are missing. It looks like neither sar or iostat are available on the FA. What this means is that I cannot collect cpu stats (among other things) from the FA. My reason for wanting this data is so that I can see how loaded the FA is and so that I can make a case for increasing its resources (CPU and RAM) if it is overloaded.

So, what's the right way to get all of the *nix app inputs to work properly on the FA?

0 Karma
1 Solution

colinj
Path Finder

Well, here's what I did to solve this at least in the short run.

  1. Found the necessary package with yum. yum whatprovides *bin/sar
  2. Installed the necessary package with yum. sudo yum install sysstat-7.0.2-12.el5.x86_64

View solution in original post

colinj
Path Finder

Well, here's what I did to solve this at least in the short run.

  1. Found the necessary package with yum. yum whatprovides *bin/sar
  2. Installed the necessary package with yum. sudo yum install sysstat-7.0.2-12.el5.x86_64

bbingham
Builder

We simply were cutting as many packages as possible that weren't needed by the FA. We elected to cut most of these, because you can collect the same data for the FA using the normal perf collection of the app. If there's a compelling reason, we can make sure it's in there.

0 Karma

colinj
Path Finder

So now my question is, was this package left off of the FA intentionally? If so why? Can it be included in future releases of the FA?

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...