i need to monitor process on linux servers. normlly i use ps -ef | grep java to see if my procees arae running. i need to implement this in splunk. can some one help on what should i put on the ps.sh file to get the result of this command on my splunk?
I am using RHEL. version varies from server to server.
You should be able to put exactly the same thing into your ps.sh file:
ps -ef | grep java
and create a scripted input in the Splunk Manager to run the script.
If you want to see a more sophisticated version of a ps.sh scripted input, you could install the *NIX Splunk app and take a look at its ps.sh script, which does some editing of the header lines.
More info here
Here is a very simple
ps.sh that should work for most flavors of Linux:
#!/bin/sh ps -ef | grep java
Make sure that ps.sh is executable (
chmod +x ps.sh). Put the script in an appropriate directory and then set up a scripted input in the Splunk Manager. In the scripted input, specify the absolute path to the script.
Okay, that means that your Linux does not support all of the options that were used in the ps.sh script.
I would do
man ps and look at the script to see which option might be causing the problem, and remove it. Or maybe there was a typo in one of the ps commands.
Of course, the problem might be in one of the other commands instead.
I will update my answer with a very simple script that should work.
i did this. i changed the already existing commands in the nested if structure of the ps.sh file that comes with *NIX app to ps-ef | grep and i tried to execute the file on the linux server itself by typing ./ps.sh
upon doing this i got the following error:
[karthik.balakrishnan@vtormftqa01 bin]$ ./ps.sh
ERROR: Unsupported SysV option.