Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Linux Scripting

karthikbalakris
Explorer
‎11-26-2012 11:21 AM

hi all,
i need to monitor process on linux servers. normlly i use ps -ef | grep java to see if my procees arae running. i need to implement this in splunk. can some one help on what should i put on the ps.sh file to get the result of this command on my splunk?
I am using RHEL. version varies from server to server.

Tags (3)
0 Karma
Reply

tgmvt03
Engager
‎08-21-2018 07:00 PM

hi
is there any update for this ?
I also trying to attempt this but its not working.
Thanks.

0 Karma
Reply

lguinn2
Legend
‎11-26-2012 11:32 AM

You should be able to put exactly the same thing into your ps.sh file:

ps -ef | grep java

and create a scripted input in the Splunk Manager to run the script.

If you want to see a more sophisticated version of a ps.sh scripted input, you could install the *NIX Splunk app and take a look at its ps.sh script, which does some editing of the header lines.

More info here

Here is a very simple ps.sh that should work for most flavors of Linux:

#!/bin/sh  
ps -ef | grep java

Make sure that ps.sh is executable (chmod +x ps.sh). Put the script in an appropriate directory and then set up a scripted input in the Splunk Manager. In the scripted input, specify the absolute path to the script.

0 Karma
Reply

lguinn2
Legend
‎11-26-2012 01:46 PM

Okay, that means that your Linux does not support all of the options that were used in the ps.sh script.

I would do man ps and look at the script to see which option might be causing the problem, and remove it. Or maybe there was a typo in one of the ps commands.

Of course, the problem might be in one of the other commands instead.

I will update my answer with a very simple script that should work.

0 Karma
Reply

karthikbalakris
Explorer
‎11-26-2012 11:43 AM

i did this. i changed the already existing commands in the nested if structure of the ps.sh file that comes with *NIX app to ps-ef | grep and i tried to execute the file on the linux server itself by typing ./ps.sh
upon doing this i got the following error:

[karthik.balakrishnan@vtormftqa01 bin]$ ./ps.sh
ERROR: Unsupported SysV option.

0 Karma
Reply
Get Updates on the Splunk Community!

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...