Splunk Cloud Platform
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is there a way to monitor Linux server with Splunk but without any use of apps or plugins from Splunk base?

GustavMahler
Explorer
‎09-29-2021 07:30 AM

I am new to Splunk and did some fundamental courses to understand the platform. I have this question and would like to know if this is possible. I want to monitor Linux server (CPU usage, Disk usage, Ram usage and network metrics) with Splunk. I know there are lot of apps available on Splunkbase. But I want to know if there is a way to just use Splunk without need of any other apps from Splunkbase to accomplish this objective? 

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Richfez
SplunkTrust
SplunkTrust
‎09-29-2021 07:53 AM

Absolutely!

You do know that apps on Splunkbase really are just a set of configurations, right?  You can write your own configurations - extractions, parsing, data collection inputs, etc... - to do all this yourself.

I heartily recommend against it though.  There are a LOT of gotchas and the details are fiddly and there's a lot of room for making it brittle or just plain wrong at times.  So there's a reason that those apps exist - to compile together some of the best, most tested ways to do it.

But for one-off or simple cases, sure.  Write a modular input that collects the output of the *nix "ps" command, and write a sourcetype for it to parse it correctly.  Or write a shell script that you run on a cron that massages the output of "ps" into something easier to work with (kv pairs comes to mind) and then dump it to a file that you use a batch/sinkhole input on to grab. 

Or, just install the app from Splunkbase and cut out 98.7% of the hard work by using someone else's tested configurations, inputs and whatnot for this job.

If I may ask - why do you want to avoid Splunkbase apps?

 

View solution in original post

Reply
Solved! Jump to solution
Solution

Richfez
SplunkTrust
SplunkTrust
‎09-29-2021 07:53 AM

Absolutely!

You do know that apps on Splunkbase really are just a set of configurations, right?  You can write your own configurations - extractions, parsing, data collection inputs, etc... - to do all this yourself.

I heartily recommend against it though.  There are a LOT of gotchas and the details are fiddly and there's a lot of room for making it brittle or just plain wrong at times.  So there's a reason that those apps exist - to compile together some of the best, most tested ways to do it.

But for one-off or simple cases, sure.  Write a modular input that collects the output of the *nix "ps" command, and write a sourcetype for it to parse it correctly.  Or write a shell script that you run on a cron that massages the output of "ps" into something easier to work with (kv pairs comes to mind) and then dump it to a file that you use a batch/sinkhole input on to grab. 

Or, just install the app from Splunkbase and cut out 98.7% of the hard work by using someone else's tested configurations, inputs and whatnot for this job.

If I may ask - why do you want to avoid Splunkbase apps?

 

Reply
Solved! Jump to solution

GustavMahler
Explorer
‎09-29-2021 08:54 AM

Thanks for the answer.  I am just curious if there is a way to monitor a Linux server through Splunk without apps or add-on from Splunkbase. 

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

This is the second post in our Splunk Observability Cloud’s AI Assistant in Action series, in which we look at ...

Elevate Your Organization with Splunk’s Next Platform Evolution

 Thursday, July 10, 2025  |  11AM PDT / 2PM EDT Whether you're managing complex deployments or looking to ...

Splunk Answers Content Calendar, June Edition

Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...
Top