Are you a member of the Splunk Community?
- Find Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- Re: How can I get a complete list of processes use...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am using 6.2.1 on Linux and we need a list of all processes that are used by splunk. I could find below list for windows environment.
http://docs.splunk.com/Documentation/Splunk/6.2.1/ReleaseNotes/RunningSplunkalongsideWindowsantiviru...
Can anyone advise on how to get a complete list of processes used by splunk for linux ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I would recommend to build such a list by searching against Splunk's own introspection logs, like so:
List of process names, no arguments:
index=_introspection component=PerProcess
| stats count by data.process
| fields - count- Full command lines (process + arguments):
index=_introspection component=PerProcess
| eval args = if(isnotnull('data.search_props.sid'),"search (...)",'data.args')
| eval process = 'data.process'." ".args
| stats count by process
| fields - count
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I would recommend to build such a list by searching against Splunk's own introspection logs, like so:
List of process names, no arguments:
index=_introspection component=PerProcess
| stats count by data.process
| fields - count- Full command lines (process + arguments):
index=_introspection component=PerProcess
| eval args = if(isnotnull('data.search_props.sid'),"search (...)",'data.args')
| eval process = 'data.process'." ".args
| stats count by process
| fields - count
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
[root@node1~]# ps -aux | grep splunk
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.8/FAQ
root 15438 2.5 5.2 315288 107984 ? Sl Jan19 311:55 splunkd -p 8089 restart
root 15439 0.1 0.3 52736 7340 ? Ss Jan19 24:02 [splunkd pid=15438] splunkd -p 8089 restart [process-runner]
root 15446 0.9 1.8 275552 37200 ? Ssl Jan19 112:42 mongod --dbpath=/opt/splunk/var/lib/splunk/kvstore/mongo --port=8191 --timeStampFormat=iso8601-utc --smallfiles --oplogSize=1000 --keyFile=/opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key --setParameter=enableLocalhostAuthBypass=0 --sslMode=preferSSL --sslPEMKeyFile=/opt/splunk/etc/auth/server.pem --sslPEMKeyPassword=xxxxxxxx
root 15508 0.5 5.5 977624 113976 ? Ssl Jan19 68:25 /opt/splunk/bin/python -O /opt/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/root.py --proxied=127.0.0.1,8065,8000
root 15522 0.1 1.3 77300 28568 ? Ssl Jan19 22:05 /opt/splunk/bin/splunkd instrument-resource-usage -p 8089
root 24325 0.0 0.0 103236 800 pts/0 S+ 00:26 0:00 grep splunk
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
aakwah,
Thank you very much for your reply.The problem of ps -aux is that I can not get the processes which are not constantly running like splunk-optimize. Any advise on how to get those kind of process too ?
Tech Talk Recap | Mastering Threat Hunting
Observability for AI Applications: Troubleshooting Latency
Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?
