Monitoring Splunk

What is the best app to monitor Linux in Splunk?

sandeepmakkena
Contributor

This is my 1st time working with apps, so I have few questions.

  1. We have a forwarder installed on our host forwarding data to a different index. I want to install Nmon or *nix to monitor Linux systems. What would be the process or steps to get it done ? (I am not sure search head is on the same server with Indexer or not)

  2. Which one of the apps are better (right now we are looking only for dashboards)?

  3. Are they free or do they have license cost ?

Tags (1)
0 Karma
1 Solution

gjanders
SplunkTrust
SplunkTrust

If your using Splunk 7 or newer try the metricator app for the search heads
Install Technical Addon for the Metricator application for Nmon anywhere you want metrics from (for example search heads, universal forwarders, et cetera)
Support Addon for the Metricator application for Nmon is for the indexers/index setup

Documentation here

The *nix TA doesn't use metrics but can also gather stats/has basic dashboards, Splunk Add-on for Linux has dashboards for metrics and assumes you collect stats via collectd or similar.

Have a read and decide which one you want, they are all free so install and test them and then decide...
Here's the link for the Nix TA: Splunk Add-on for Unix and Linux

View solution in original post

gjanders
SplunkTrust
SplunkTrust

If your using Splunk 7 or newer try the metricator app for the search heads
Install Technical Addon for the Metricator application for Nmon anywhere you want metrics from (for example search heads, universal forwarders, et cetera)
Support Addon for the Metricator application for Nmon is for the indexers/index setup

Documentation here

The *nix TA doesn't use metrics but can also gather stats/has basic dashboards, Splunk Add-on for Linux has dashboards for metrics and assumes you collect stats via collectd or similar.

Have a read and decide which one you want, they are all free so install and test them and then decide...
Here's the link for the Nix TA: Splunk Add-on for Unix and Linux

Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

Industry Solutions for Supply Chain and OT, Amazon Use Cases, Plus More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...