*NIX app and licensing recommendation?

Branden · ‎01-19-2011

We have a rather small Splunk license but this has suited us for quite a while.

Now we're experimenting with the *NIX app on Linux and quickly discovered that it chews up our license fast.

I know the *NIX app can be tweaked; some features enabled/disabled, polling intervals changed, etc... Does anyone have any recommendations for this? Are there features of the *NIX app you simply do not need/use? Are the default polling intervals too short? I realize everyone's needs are different, I'm just trying to get an idea of what people are doing.

Thanks!

treinke · ‎01-19-2011

One thing on unix based machines I found very helpful was monitoring of the /home/*/.history and /root/.history files. That was it is hard for the developer/admin to come back and say the system is broke and I didn't do anything. While it isn't real time, it is nice to have a record of what they have done.

There are no answer without questions

Branden · ‎01-19-2011

Thanks for the tip. We actually tried something like that on AIX but, unfortunately, AIX puts binary characters in their .sh_history files. Would definitely be interested in doing that on Linux though. Thanks!

*NIX app and licensing recommendation?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!