- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- TA-nmon configuration - Universal Forwarder - RHEL
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
TA-nmon configuration - Universal Forwarder - RHEL
Hi team,
I am trying out the nmon app and add-on for splunk. I have installed the app on the Splunk Indexer (Single instance containing Indexer, Heavy Forwarder and Search Head). I am able to see csv files created in the $SPLUNKHOME/var/log/nmon/var/csv_repository folder of the server and I am able to see corresponding reports on the NMON app on the Splunk console.
However, on the Universal Forwarder, I have downloaded and extracted the ta-nmon-technical-addon-for-nmon-performance-monitor_1331.tgz file in the $SPLUNKHOME/etc/apps. I have copied across inputs.conf and props.conf from $SPLUNKHOME/etc/apps/TA-nmon/default to $SPLUNKHOME/etc/apps/TA-nmon/local directory. Restarted Splunk on the UF server. However, I am neither seeing the csv files being created nor any logs coming through to the Splunk console.
Both the Splunk server and the UF are Red Hat Linux servers.
Both of them have Perl (v 5.10.1) and Python (v 2.6.6) installed.
Happy to provide more info as required.
Thanks,
Krishna
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello !
Thank you for very much for your interest over the Nmon application suite.
To reply to your question, since your client server running the Splunk UF have a Python version lower than 2.7.x, the TA-nmon automatically switches to use the Perl interpreter.
In that case, you need to have the "perl-Time-HiRes" Perl library available on your hosts, please consult the documentation:
http://ta-nmon-hec.readthedocs.io/en/latest/requirements.html
Errors for UF missing the Perl library will be visible in the notable events from the Home page of the Nmon Splunk application.
On RHEL, you would:
yum install perl-Time-HiRes
Notes: The copy of default/props.conf and/or default/inputs.conf to local/ is only needed if you have any configuration customisation to achieve.
Otherwise that is not required and the TA-nmon in its default configuration works built-in,
Kind regards,
Guilhem
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Guilhem,
Many thanks for your quick turnaround. I will give it a try and keep you posted on how it goes.
Cheers,
Krishna
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
With pleasure, let me know yes
Introducing Splunk Enterprise 9.2
Adoption of RUM and APM at Splunk
Routing logs with Splunk OTel Collector for Kubernetes
