How to index Nix metrics via Splunk Add-on for Spl...

Abha11 · ‎10-05-2020

I want to monitor our Linux Splunk instances and am using the Splunk Add-on for Nix to collect metrics data and am sending it to em_metrics index and monitoring them as SAI entities via SAI on search head.

We have a clustered environment. I am trying to get data from 3 members indexer cluster and 3 members SH cluster. We have universal forwarders installed on all of our instances. I tried to deploy the add-on to UF’s but I couldn’t see the entities on SAI (no data coming through from the hosts).

Now I have installed Nix add-on to the indexer cluster and SH cluster and have changed the inputs to send data to em_metrics index being used in SAI.

The issue that I am facing is for the indexer/SH cluster it is only displaying indexer master and SH cluster captain entities in SAI. I can see the IP's of other members in the dimensions of entities, but I want each host as a seperate entity.

Could anyone please guide me through if I am doing something wrong or how I can achieve what I want to see SAI app? I have been stuck for a few days, so any help is appreciated.

Thanks.

How to index Nix metrics via Splunk Add-on for Splunk Nix instances?

indexer clustering

Linux

search head clustering

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

Are you a member of the Splunk Community?