Hi,
I would like to monitor the indexer itself. It is a radhat machine and I want the indexer to collect logfiles from the localhost, where splunk is running. This sounds stupid, I can't find a way to tell splunk that he should gather data from it's host.
I like to monitor CPU and Diskspace for example.
Nice to hear from you.
Jan
Hi Jan,
Well if you install the nix app it will work for that indexer and will be available via the web interface on that indexer alone (since by default indexer are search heads as well).
In a lone indexer scenario this would probably work out OK, and would only get cumbersome if you have a large distributed environment. Then I would go with something like Nagios which has an agent that can run and monitor this type of information a lot better than Splunk.
Thanks,
Kate
The whole environment is build on solid hardware which should have enough power. As far as I understand the full splunk version is not capable of "forward" the data (like perfmon-logs) from his own host, but the universal forwarder can gather logs from its host to forward it to the indexer?
Thanks for reply!
Jan
Hi,
No problem thanks for providing more info.
You can run the http://splunk-base.splunk.com/apps/22314/splunk-for-unix-and-linux app that will track this type of activity; but I would warn you that this can put an extra load on your indexers since it needs to monitor itself as well as accepting data from your forwarders and would not suggest it in a virtualized environment.
In most cases if you want to monitor the hardware(CPU/Memory/processes) of a box I'd use an app like Nagios and send the logs to Splunk for reporting and stats.
Thanks!
Kate
Dear Kate,
thanks for the reply. The app you posted is pretty useful, but not the solution to my question. SoS is more for monitoring the splunksoftware itself.
I'm searching for a way to gather perfmon-logs for the hardware where the indexer is running on. Do I have to install the universal forwarder on my indexer as well?
I mean for me it doesn't really make sense to install the Universal Forwarder when the full splunk software is already installed. But I can't find a way to get this logs from the splunkhardware...
I hope this describes my problem a bit more detailed.
Regards
Jan
Hi,
It sounds like you need S.O.S http://splunk-base.splunk.com/apps/29008/sos-splunk-on-splunk you can use the TA to monitor the indexers.
Thanks,
Kate