I have installed the Splunk App for Unix and Linux, enabled cpu.sh, and installed sysstat package. Also, I have added to inputs.conf (.../etc/system/local/) the following stanza:
[script://./bin/cpu.sh] sourcetype = cpu source = cpu interval = 300 index = os disabled = 0
But "CPU Used By Group" in the Splunk App for Unix shows "No Results Found".
In S.o.S I can see CPU usage.
Thank you for any help.
You need to install sysstat package in linux as it doesn't come preloded with it.. Additionally, you have to make following changes in web.conf file
minify_js = True
Restart service. It should work fine
This issue is not caused by the Splunk_TA_nix addon app. I do see both cpu and mem data coming in to the splunk enterprise/monitoring instance when doing a preview in the splunk_app_for_nix settings tab.
It appears to be an issue with the splunk_app_for_nix application itself, not being able to interpret or read the incoming data for cpu and mem. The metrics tab on splunk_app_for_nix is also blank.
Follow searches returns results:
index=os sourcetype=os host=ubuntu
index=os sourcetype=top host=ubuntu
This example also return results - "index=os sourcetype=top host=ubuntu | chart avg(pctCPU) as avgCPU avg(pctMEM) as avgMEM by _time".
Splunk App for Unix does not see cpu.
I'm slightly disappointed.