How to index Nix metrics via Splunk Add-on for Spl...

Deployment Architecture

I want to monitor our Linux Splunk instances and am using the Splunk Add-on for Nix to collect metrics data and am sending it to em_metrics index and monitoring them as SAI entities via SAI on search head.

We have a clustered environment. I am trying to get data from 3 members indexer cluster and 3 members SH cluster. We have universal forwarders installed on all of our instances. I tried to deploy the add-on to UF’s but I couldn’t see the entities on SAI (no data coming through from the hosts).

Now I have installed Nix add-on to the indexer cluster and SH cluster and have changed the inputs to send data to em_metrics index being used in SAI.

The issue that I am facing is for the indexer/SH cluster it is only displaying indexer master and SH cluster captain entities in SAI. I can see the IP's of other members in the dimensions of entities, but I want each host as a seperate entity.

Could anyone please guide me through if I am doing something wrong or how I can achieve what I want to see SAI app? I have been stuck for a few days, so any help is appreciated.

Thanks.

Get Updates on the Splunk Community!

How to index Nix metrics via Splunk Add-on for Splunk Nix instances?

indexer clustering

Linux

search head clustering

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you a member of the Splunk Community?