Monitoring Splunk

is I-data gathering (Resource Usage) not supported on this platform?

BDein
Explorer

Hi Everyone,

I have 5 instances of Splunk running my Mac (Big Sur v11.6):

  • SH+IDX
  • DPL
  • HFWD
  • UF (sending to HFWD)
  • UF (sending to IDX)

All working pretty well, but there are a few hick-ups running on MacOSX (Big Sur, 11.6), and the new major one I've run it to is there is NO introspection (Resource Usage) collected!
The "resource_usage.log" is completely empty, and running : 

 

 

 

/opt/splunk_dpl/bin/splunkd instrument-resource-usage -p 8087 --with-kvstore --debug

 

 

 

Writes:

 

 

 

I-data gathering (Resource Usage) not supported on this platform.
DEBUG RU_main - I-data gathering (IOWait Statistics) not supported on this OS
WARN WatchdogActions - Initialization failed for action=pstacks. Deleting.
DEBUG InstrumentThread - Entering 0th iter (thread KVStoreOperationStatsInstrumentThread)
DEBUG InstrumentThread - Entering 0th iter (thread KVStoreCollectionStatsInstrumentThread)
DEBUG InstrumentThread - Entering 0th iter (thread KVStoreServerStatusInstrumentThread)
DEBUG InstrumentThread - Entering 0th iter (thread KVStoreProfilingDataInstrumentThread)
DEBUG InstrumentThread - Entering 0th iter (thread KVStoreReplicaSetStatsInstrumentThread)

 

 

 

 
1. Does this really mean there is no support for resource usage on Mac, og am I getting something wrong here?

To me there is not really that much difference between a Mac and a Linux box (while knowing there are some differences) , and most commands run on a linux are run the exact same way on a mac.

2. If this does not come out of the box, how can it be enabled?
3. Which processes are run on linux to exactly fulfill the "Resource Usage" and IOWait stats, that one could try move into the mac?
4. Does anyone know exactly how and where the scripts/processes are configured in Splunk to facilitate this?

Any core details would be most appreciated.

Cheers,

Bjarne

0 Karma
1 Solution

VatsalJagani
Super Champion

Splunk documentation clearly says it is not supported on Mac os 11.

https://docs.splunk.com/Documentation/Splunk/latest/Installation/InstallonMacOS

VatsalJagani_0-1644475089064.png

 

I would suggest using a Virtual box and using Linux instead.

View solution in original post

0 Karma

VatsalJagani
Super Champion

Splunk documentation clearly says it is not supported on Mac os 11.

https://docs.splunk.com/Documentation/Splunk/latest/Installation/InstallonMacOS

VatsalJagani_0-1644475089064.png

 

I would suggest using a Virtual box and using Linux instead.

0 Karma

BDein
Explorer

Can it really be true, that no-one knows anything about this?

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...