Hi,
Is there an easy way to get resource usage for a universal forwarder? I don't see anything in the distributed management console.
I would recommend using the "Splunk Add-on for Unix" app. It has many scripted inputs that can be turned on via the inputs.conf to collect such performance and usage data. (https://splunkbase.splunk.com/app/833/#/overview)
I would also like to note that if you are going to use this on many UFs, it is recommended that you use a deployment server to manage the app.
You can enable platform instrumentation which will start populating the _introspection index (disabled by default on UF) by following these steps: http://docs.splunk.com/Documentation/Splunk/6.1.4/Troubleshooting/ConfigurePIF
sourcetype=splunk_resource_usage should give you some insights into what you're looking for.
Most cheerful!
I thought most folks do this by using things like the Nix and Win TAs to get process resource consumption in the same way they would for any process running on the host. (A la ps.sh and its Windows equivalent)
Thanks. I take it that means it's not built into introspection?
Another approach (there might be more I'm sure).
If UNIX:
If Windows:
You need to deploy perfmon:
http://blogs.splunk.com/2013/10/28/new-features-for-perfmon-in-splunk-6/
What do you mean? What would you like to see?
CPU and memory, mainly, per Splunk process, if possible.