Deployment Architecture

Linux Scripting

hi all,
i need to monitor process on linux servers. normlly i use ps -ef | grep java to see if my procees arae running. i need to implement this in splunk. can some one help on what should i put on the ps.sh file to get the result of this command on my splunk?
I am using RHEL. version varies from server to server.

Tags (3)
0 Karma

New Member

hi
is there any update for this ?
I also trying to attempt this but its not working.
Thanks.

0 Karma

Legend

You should be able to put exactly the same thing into your ps.sh file:

ps -ef | grep java

and create a scripted input in the Splunk Manager to run the script.

If you want to see a more sophisticated version of a ps.sh scripted input, you could install the *NIX Splunk app and take a look at its ps.sh script, which does some editing of the header lines.

More info here

Here is a very simple ps.sh that should work for most flavors of Linux:

#!/bin/sh  
ps -ef | grep java

Make sure that ps.sh is executable (chmod +x ps.sh). Put the script in an appropriate directory and then set up a scripted input in the Splunk Manager. In the scripted input, specify the absolute path to the script.

0 Karma

Legend

Okay, that means that your Linux does not support all of the options that were used in the ps.sh script.

I would do man ps and look at the script to see which option might be causing the problem, and remove it. Or maybe there was a typo in one of the ps commands.

Of course, the problem might be in one of the other commands instead.

I will update my answer with a very simple script that should work.

0 Karma

i did this. i changed the already existing commands in the nested if structure of the ps.sh file that comes with *NIX app to ps-ef | grep and i tried to execute the file on the linux server itself by typing ./ps.sh
upon doing this i got the following error:

[karthik.balakrishnan@vtormftqa01 bin]$ ./ps.sh
ERROR: Unsupported SysV option.

0 Karma