
Displaying results of Unix processes on dashboard

bsaujla131984
Path Finder

I have created a search that looks for Unix process names and displays the results on a dashboard.

Is there a way I can display the results as "running" or "not running", depending on whether certain process names are found in the search or not?


whrg
Motivator

You might want to provide a specific example as to what your expected results should look like. Do you want a table or a timechart or something else?

If you have a list of processes (I'm using a list of sourcetypes here) and you want to show which of them are running, try something like this:

| makeresults count=1 | fields - _time
| eval sourcetype="splunkd,audittrail,something,something_else" | makemv sourcetype delim="," | mvexpand sourcetype
| join type=left sourcetype [search index=_* | dedup sourcetype | table sourcetype | eval Status="ON"]
| fillnull value="OFF" Status

This gives me the following:

Status   sourcetype
ON       splunkd
ON       audittrail
OFF      something
OFF      something_else

whrg
Motivator

@bsaujla131984 Is your search meant for one server or for multiple servers?
And where do you get the list of "certain processes" from? Is there a predefined list of processes which you want to monitor?


baljit_aujla
New Member

I am the same guy as bsaujla131984... logged in with another ID.


baljit_aujla
New Member

Hi whrg,

I am trying the following:

index=unix_app host="#####" Process1 OR Process2 OR Process3 COMMAND=java | dedup process | rex "(?<myField>Process1|Process2|Process3)" | timechart count(process) by myField | stats max(*) AS * | transpose

It shows the processes on the dashboard without any status such as running or not running.

If a process is not running, it simply does not show anything at all for that process.

Thanks,

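The reason the timechart/stats approach above never shows a "not running" row is that a process with zero matching events produces no row at all; only a row that is generated independently of the event data can be marked absent. The following search is an added example (not from the thread or from Splunk's own documentation) that applies whrg's "generate the expected list, then left-join the observed list" pattern to the process case, using append + stats instead of join so it is not bound by the subsearch row limit that join imposes. It assumes the Splunk Add-on for Unix and Linux's ps output (sourcetype=ps, with COMMAND holding the bare command name and PID the process id), a sampling interval shorter than the 5-minute window, and a hypothetical host app01 and process list java, nginx, sshd, crond; substitute your own index, host, and process names.

```spl
| makeresults count=1
| eval process=split("java,nginx,sshd,crond", ",")
| mvexpand process
| fields process
| append
    [ search index=unix_app host="app01" sourcetype=ps earliest=-5m
        (COMMAND=java OR COMMAND=nginx OR COMMAND=sshd OR COMMAND=crond)
      | stats latest(_time) AS last_seen, dc(PID) AS instances BY COMMAND
      | rename COMMAND AS process ]
| stats max(last_seen) AS last_seen, max(instances) AS instances BY process
| fillnull value=0 instances
| eval Status=if(isnull(last_seen), "NOT RUNNING", "RUNNING")
| eval last_seen=if(isnull(last_seen), "-", strftime(last_seen, "%Y-%m-%d %H:%M:%S"))
| table process Status instances last_seen
```

The first four lines build one row per expected process from a literal list (a lookup table works the same way and is easier to maintain), the subsearch returns only the processes actually observed in the last five minutes, and the final stats merges the two so every expected process keeps its row. Because last_seen is empty only for processes that never appeared in the window, the Status column is derived from that field rather than from a count; instances (distinct PIDs seen) is there so a dashboard panel can also flag a process that is running but with fewer copies than expected. Keep the earliest= window a few multiples of the ps collection interval, otherwise a healthy process can be reported as NOT RUNNING between samples.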