Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- Linux Scripting
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Linux Scripting
hi all,
i need to monitor process on linux servers. normlly i use ps -ef | grep java to see if my procees arae running. i need to implement this in splunk. can some one help on what should i put on the ps.sh file to get the result of this command on my splunk?
I am using RHEL. version varies from server to server.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi
is there any update for this ?
I also trying to attempt this but its not working.
Thanks.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You should be able to put exactly the same thing into your ps.sh file:
ps -ef | grep java
and create a scripted input in the Splunk Manager to run the script.
If you want to see a more sophisticated version of a ps.sh scripted input, you could install the *NIX Splunk app and take a look at its ps.sh script, which does some editing of the header lines.
More info here
Here is a very simple ps.sh that should work for most flavors of Linux:
#!/bin/sh
ps -ef | grep java
Make sure that ps.sh is executable (chmod +x ps.sh). Put the script in an appropriate directory and then set up a scripted input in the Splunk Manager. In the scripted input, specify the absolute path to the script.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Okay, that means that your Linux does not support all of the options that were used in the ps.sh script.
I would do man ps and look at the script to see which option might be causing the problem, and remove it. Or maybe there was a typo in one of the ps commands.
Of course, the problem might be in one of the other commands instead.
I will update my answer with a very simple script that should work.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i did this. i changed the already existing commands in the nested if structure of the ps.sh file that comes with *NIX app to ps-ef | grep and i tried to execute the file on the linux server itself by typing ./ps.sh
upon doing this i got the following error:
[karthik.balakrishnan@vtormftqa01 bin]$ ./ps.sh
ERROR: Unsupported SysV option.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions
Splunk Community Badges!
[Puzzles] Solve, Learn, Repeat: Matching cron expressions
