Splunk Cloud Platform

Is there a way to monitor Linux server with Splunk but without any use of apps or plugins from Splunk base?

GustavMahler
Explorer

I am new to Splunk and did some fundamental courses to understand the platform. I have this question and would like to know if this is possible. I want to monitor a Linux server (CPU usage, disk usage, RAM usage and network metrics) with Splunk. I know there are a lot of apps available on Splunkbase. But I want to know if there is a way to just use Splunk, without the need for any other apps from Splunkbase, to accomplish this objective?


Richfez
SplunkTrust

Absolutely!

You do know that apps on Splunkbase really are just a set of configurations, right? You can write your own configurations - extractions, parsing, data collection inputs, etc. - to do all this yourself.

I heartily recommend against it though. There are a LOT of gotchas, the details are fiddly, and there's a lot of room for making it brittle or just plain wrong at times. So there's a reason that those apps exist - to compile together some of the best, most tested ways to do it.

But for one-off or simple cases, sure. Write a modular input that collects the output of the *nix "ps" command, and write a sourcetype for it to parse it correctly. Or write a shell script that you run on a cron that massages the output of "ps" into something easier to work with (kv pairs come to mind) and then dump it to a file that you use a batch/sinkhole input on to grab.

Or, just install the app from Splunkbase and cut out 98.7% of the hard work by using someone else's tested configurations, inputs and whatnot for this job.

If I may ask - why do you want to avoid Splunkbase apps?

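The cron-plus-batch-input route described in the answer above, as an added example; it is not the poster's code and not anything shipped on Splunkbase. It reads /proc and "df -Pk" instead of "ps" so that it covers the four things the question asks for (CPU, RAM, disk, network). The drop directory /var/lib/metrics_kv, the sourcetype name linux:metrics:kv, the install path in the cron line and the Splunk stanzas in the trailing comments are all assumptions to adjust for your environment. The four formatting functions take the raw /proc or df text on stdin or as arguments, so they can be exercised with constructed input; "--collect" takes one live sample.

```shell
#!/bin/sh
# linux_metrics_kv.sh - added example, not from the thread or from any Splunk app.
# Turns /proc counters and "df -Pk" output into one key=value line per metric and
# drops each run into a fresh file that a Splunk batch (sinkhole) input can collect.
# Paths, the sourcetype name and the output directory below are assumptions.

# cpu_kv TS HOST LINE_BEFORE LINE_AFTER
# Takes two "cpu ..." lines from /proc/stat (user nice system idle iowait irq
# softirq steal ...) and reports busy time as a percentage of the interval.
cpu_kv() {
  printf '%s\n%s\n' "$3" "$4" | awk -v ts="$1" -v h="$2" '
    NR == 1 { for (i = 2; i <= NF; i++) before[i] = $i }
    NR == 2 {
      total = 0; idle = 0
      for (i = 2; i <= NF && i <= 9; i++) {       # guest fields are already counted in user/nice
        d = $i - before[i]; total += d
        if (i == 5 || i == 6) idle += d           # idle + iowait
      }
      printf "%s %s metric=cpu cpu_busy_pct=%.1f cpu_total_jiffies=%.0f\n",
             ts, h, (total > 0 ? (total - idle) * 100 / total : 0), total
    }'
}

# mem_kv TS HOST  (reads /proc/meminfo on stdin; values are already in kB)
mem_kv() {
  awk -v ts="$1" -v h="$2" '
    /^MemTotal:/     { total = $2 }
    /^MemAvailable:/ { avail = $2 }
    /^SwapTotal:/    { swt = $2 }
    /^SwapFree:/     { swf = $2 }
    END {
      used = total - avail
      printf "%s %s metric=memory mem_total_kb=%.0f mem_used_kb=%.0f mem_used_pct=%.1f swap_used_kb=%.0f\n",
             ts, h, total, used, (total > 0 ? used * 100 / total : 0), swt - swf
    }'
}

# disk_kv TS HOST  (reads "df -Pk" output on stdin; one line per real block device;
# mount points are assumed not to contain spaces)
disk_kv() {
  awk -v ts="$1" -v h="$2" '
    NR > 1 && $1 ~ /^\// {
      sub(/%/, "", $5)
      printf "%s %s metric=disk mount=%s fs=%s disk_total_kb=%.0f disk_used_kb=%.0f disk_used_pct=%d\n",
             ts, h, $6, $1, $2, $3, $5
    }'
}

# net_kv TS HOST  (reads /proc/net/dev on stdin; counters are cumulative since boot,
# so turn them into rates in SPL with delta/streamstats, not here)
net_kv() {
  awk -v ts="$1" -v h="$2" '
    NR > 2 {
      sub(/:/, " ")                               # "eth0:1234" -> "eth0 1234"
      if ($1 == "lo") next
      printf "%s %s metric=net iface=%s rx_bytes=%.0f rx_packets=%.0f rx_errs=%.0f rx_drop=%.0f tx_bytes=%.0f tx_packets=%.0f tx_errs=%.0f tx_drop=%.0f\n",
             ts, h, $1, $2, $3, $4, $5, $10, $11, $12, $13
    }'
}

# collect_all OUTDIR: one live sample of everything into a new file per run.
collect_all() {
  outdir="${1:-/var/lib/metrics_kv}"              # assumed drop directory
  ts=$(date -u +%Y-%m-%dT%H:%M:%SZ)
  h=$(hostname)
  s1=$(head -n 1 /proc/stat); sleep 1; s2=$(head -n 1 /proc/stat)
  {
    cpu_kv "$ts" "$h" "$s1" "$s2"
    mem_kv "$ts" "$h" < /proc/meminfo
    df -Pk | disk_kv "$ts" "$h"
    net_kv "$ts" "$h" < /proc/net/dev
  } > "$outdir/metrics-$(date +%s).kv"
}

# Cron entry for a dedicated unprivileged user (the script only reads /proc and runs df):
#   */5 * * * * /usr/local/bin/linux_metrics_kv.sh --collect /var/lib/metrics_kv
# Forwarder inputs.conf (sinkhole deletes files after indexing, so the forwarder's
# user needs write permission on the directory):
#   [batch:///var/lib/metrics_kv]
#   move_policy = sinkhole
#   whitelist = \.kv$
#   sourcetype = linux:metrics:kv
# Indexer props.conf (key=value pairs are extracted at search time by default;
# only the timestamp needs describing):
#   [linux:metrics:kv]
#   SHOULD_LINEMERGE = false
#   TIME_PREFIX = ^
#   TIME_FORMAT = %Y-%m-%dT%H:%M:%SZ
#   MAX_TIMESTAMP_LOOKAHEAD = 20
if [ "${1:-}" = "--collect" ]; then collect_all "${2:-}"; fi
```

Two practical caveats before relying on it. The network and CPU jiffy counters are cumulative, so a single sample is only useful once you difference consecutive events in SPL; the CPU function is the one place the script does that itself, by reading /proc/stat twice one second apart. And because the batch input deletes what it indexes, the cron user only needs to create files in the drop directory while the forwarder's user needs to remove them, which is a cleaner privilege split than running the collector from the forwarder's own scripted input ([script://...] in inputs.conf), where it would execute as the forwarder's user. On hosts with NFS mounts, restrict df to local filesystems (df -Plk) so a stale mount cannot hang the cron job.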


GustavMahler
Explorer

Thanks for the answer. I am just curious if there is a way to monitor a Linux server through Splunk without apps or add-ons from Splunkbase.
