Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Displaying results of Unix processes on dashboard

bsaujla131984
Path Finder
‎12-15-2018 04:29 PM

I have created a search where unix process names are searched and display results on dashboard.

Is there a way where I can display results in terms of running or not running if certain process names are not found or found in the search?

Tags (1)
0 Karma
Reply

whrg
Motivator
‎12-21-2018 12:50 AM

You might want to provide a specific example as to what your expected results should look like. Do you want a table or a timechart or something else?

If you have a list of processes (I'm using a list of sourcetypes here) and you want to show which of them are running, try something like this:

| makeresults count=1 | fields - _time
| eval sourcetype="splunkd,audittrail,something,something_else" | makemv sourcetype delim="," | mvexpand sourcetype
| join type=left sourcetype [search index=_* | dedup sourcetype | table sourcetype | eval Status="ON"]
| fillnull value="OFF" Status

This gives me the following:

Status   sourcetype
ON       splunkd
ON       audittrail
OFF      something
OFF      something_else
0 Karma
Reply

whrg
Motivator
‎12-16-2018 05:58 AM

@bsaujla131984 Is your search meant for one server or for multiple servers?
And where do you get the list of "certain processes" from? Is there a predefined list of processes which you want to monitor?

0 Karma
Reply

baljit_aujla
New Member
‎12-20-2018 06:36 PM

I am the same guy bsaujla131984...logged with other ID.

0 Karma
Reply

baljit_aujla
New Member
‎12-20-2018 06:34 PM

Hi Whrg ,

I am trying as below:-

index=unix_app host="#####" Process1 OR Process1 OR Process2 OR Process3 COMMAND=java | dedup process | rex "(?Process1|Process2|Process3|)" | timechart count(process) by myField | stats max(*) AS * | Transpose

It shows up process on dashboard without any status like running or not.

In case if not running, then it simply does not show anything it all for that process.

Thanks,

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

A Guide To Cloud Migration Success

As enterprises’ rapid expansion to the cloud continues, IT leaders are continuously looking for ways to focus ...

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...