Monitoring Splunk

How do I check CPU and memory utilization of my system?

rajinigv
New Member

2 panels should be developed on a single dashboard, one for CPU and one for memory monitoring of your local system. This should check for CPU and memory utilization of your system every one minute. When the utilization is below 80%, the color of the cell should be green, between 80% and 90% color should be yellow and above 90% color should red. When you click on the row, it should take you to a drill down panel that shows CPU/Memory Utilization history, and for this, you will need 2 additional dashboards. We should be able to select from the drop down for what time range we want to see the history (time range picker).

Tags (2)
0 Karma
1 Solution

sapanda
Path Finder

Hello @rajinigv ,

I am new to Splunk and recently i tried something which helped.

There are 2 ways to achieve this:
1. Use the In-built Apps for Windows and Unix. This involves installing the add-ons for Unix and Windows on the universal forwarders and getting the the data into Splunk. Then, you can create a dashboard and write queries for showing the data in the dashboard. Look for more details in "getting data in" and "creating dashboards" in the splunk docs.

  1. You can define custom apps for collecting specific data(cpu/memory) into splunk. This involves define the source of your data(inputs.conf) and the destination of your data(outputs.conf).

The details for both the above methods are available are available in splunk docs. I would recommend going through the docs to have a better understanding on the methods.

Thanks,
Sapan

View solution in original post

0 Karma

sapanda
Path Finder

Hello @rajinigv ,

I am new to Splunk and recently i tried something which helped.

There are 2 ways to achieve this:
1. Use the In-built Apps for Windows and Unix. This involves installing the add-ons for Unix and Windows on the universal forwarders and getting the the data into Splunk. Then, you can create a dashboard and write queries for showing the data in the dashboard. Look for more details in "getting data in" and "creating dashboards" in the splunk docs.

  1. You can define custom apps for collecting specific data(cpu/memory) into splunk. This involves define the source of your data(inputs.conf) and the destination of your data(outputs.conf).

The details for both the above methods are available are available in splunk docs. I would recommend going through the docs to have a better understanding on the methods.

Thanks,
Sapan

View solution in original post

0 Karma

rajinigv
New Member

can you just explain me about inputs.conf procedure please @sapanda

0 Karma

sapanda
Path Finder

Hello @rajinigv ,

The inputs.conf file is used to setup the data you want to get in to your Splunk system. Suppose you have a universal forwarder on a Linux system and you want to get data from your /var/log/messages to the forwarder, you can define your inputs.conf as follows:

[monitor:///var/log/messages]
disabled = false
index =
sourcetype =
interval =

The inputs.conf file goes to the location /etc/apps//local of your universal forwarder. You would need to create the index on your indexer for the data collection to start.

If you have a deployment server, you can create the file on the deployment server and 'push' the configuration to the forwarder as well. Below is a link which provides more details of the process. Hope this helps.

https://docs.splunk.com/Documentation/Splunk/7.2.3/Updating/Exampleaddaninputtoforwarders

Thanks,
Sapan

0 Karma

rajinigv
New Member

hii @sapanda thanks for your rply, iam new to splunk and here iam unable to use forwarder,
i want to know where to configure that input file for cpu and memory utilization.
and and what does deployment server mean..? once again tysm for spending your precious time!

0 Karma

sapanda
Path Finder

Hello @rajinigv ,

You should always use forwarders to get metrics into your splunk enterprise. You can then create custom apps or you can use the pre-built infrastructure apps to get the metrics required into Splunk. I would suggest to first install the forwarder and then install the app and add-on to get the data. you can easily find the documentation for the same in Splunk documentation. Below are a few useful links to get you started:

Forwarder Manual:
https://docs.splunk.com/Documentation/Forwarder/7.2.3/Forwarder/Abouttheuniversalforwarder

Splunk App and Add-on configuration for Unix :
https://docs.splunk.com/Documentation/Forwarder/7.2.3/Forwarder/Abouttheuniversalforwarder

Splunk App and Add-on configuration for Windows:
https://docs.splunk.com/Documentation/MSApp/1.5.1/MSInfra/AbouttheSplunkAppforMSInfrastructure

I would suggest to go through the Splunk documentation. you would find all the useful information in the docs( that is where i started 🙂 ).

Hope this helps.

Thanks,
Sapan

0 Karma

rajinigv
New Member

ok thanks @sapanda

0 Karma

woodcock
Esteemed Legend

Both the Windows TA and the TA for *NIX have settings in the inputs.conf to accomplish this. Check apps.splunk.com.

0 Karma

rajinigv
New Member

i need complete step by step procedure for this problem. can you just help me out? @woodcock

0 Karma

dkeck
Influencer

Hi. What OS are you talking about? For windows and Linux there should be apps in splunkbase. For splunk itself you should use the Managent console for this information

0 Karma

rajinigv
New Member

for windows and i have an app in my pc and may i know how to use the management console for this? @dkeck

0 Karma

dkeck
Influencer

In every splunk instance you can reach the Management Console under settings->Monitoring console ( left side, under Add Data)

0 Karma

rajinigv
New Member

thanks for the reply, i found it is inbuilt. it should not be like that i have to add data from local system to splunk and then search on it can you tell me how to do that. @dkeck

0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!