Splunk Cloud Platform

Is there a way to monitor a Linux server with Splunk but without any use of apps or plugins from Splunkbase?

GustavMahler
Explorer

I am new to Splunk and did some fundamental courses to understand the platform. I have this question and would like to know if this is possible. I want to monitor a Linux server (CPU usage, disk usage, RAM usage and network metrics) with Splunk. I know there are a lot of apps available on Splunkbase. But I want to know if there is a way to just use Splunk without the need for any other apps from Splunkbase to accomplish this objective?


Richfez
SplunkTrust

Absolutely!

You do know that apps on Splunkbase really are just a set of configurations, right?  You can write your own configurations - extractions, parsing, data collection inputs, etc... - to do all this yourself.

I heartily recommend against it though.  There are a LOT of gotchas and the details are fiddly and there's a lot of room for making it brittle or just plain wrong at times.  So there's a reason that those apps exist - to compile together some of the best, most tested ways to do it.

But for one-off or simple cases, sure.  Write a modular input that collects the output of the *nix "ps" command, and write a sourcetype for it to parse it correctly.  Or write a shell script that you run on a cron that massages the output of "ps" into something easier to work with (kv pairs come to mind) and then dump it to a file that you use a batch/sinkhole input on to grab.

Or, just install the app from Splunkbase and cut out 98.7% of the hard work by using someone else's tested configurations, inputs and whatnot for this job.

If I may ask - why do you want to avoid Splunkbase apps?
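
The cron-script route described in the answer above, as an added example that is not part of the original thread or of any Splunk app: a POSIX shell script that turns `ps` output into key=value events and renames each finished snapshot into a directory read by a batch/sinkhole input. The directory paths, the script name, the `ps_kv` sourcetype and the choice of `ps` columns are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Paths and the sourcetype are assumptions.
# Assumed inputs.conf stanza on the forwarder that consumes the spool directory:
#   [batch:///var/spool/splunk_ps]
#   move_policy = sinkhole
#   sourcetype = ps_kv
# Assumed cron entry:
#   * * * * * /usr/local/bin/ps_kv.sh /var/tmp/ps_stage /var/spool/splunk_ps

# ps_to_kv TIMESTAMP: read `ps -eo pid,user,pcpu,pmem,rss,comm` rows on stdin,
# write one timestamped key=value event per process to stdout.
ps_to_kv() {
    awk -v ts="$1" '
        NR == 1 { next }          # drop the ps header row
        NF < 6  { next }          # drop truncated or malformed rows
        {
            cmd = $6              # comm can contain spaces: rejoin fields 6..NF
            for (i = 7; i <= NF; i++) cmd = cmd " " $i
            gsub(/"/, "\047", cmd)    # keep the quoted value well-formed
            printf "%s pid=%s user=%s pcpu=%s pmem=%s rss_kb=%s command=\"%s\"\n",
                   ts, $1, $2, $3, $4, $5, cmd
        }'
}

# collect_ps STAGE_DIR SPOOL_DIR: snapshot the process table, then rename the
# finished file into the spool so the batch input never reads a partial file.
# Both directories must be on the same filesystem for the rename to be atomic.
# mktemp creates the file with mode 0600, so run this as the forwarder account.
collect_ps() {
    tmp=$(mktemp "$1/ps.XXXXXX") || return 1
    ps -eo pid,user,pcpu,pmem,rss,comm |
        ps_to_kv "$(date -u +%Y-%m-%dT%H:%M:%SZ)" > "$tmp" || return 1
    mv "$tmp" "$2/ps_$(date +%s).kv"
}

if [ $# -eq 2 ]; then
    collect_ps "$1" "$2"
else
    # Constructed sample rows, so the conversion can be seen without cron.
    printf '%s\n' 'PID USER %CPU %MEM RSS COMMAND' \
        '812 splunk 2.5 3.4 275120 splunkd' \
        '1044 www-data 0.3 0.5 40212 Web Content' |
        ps_to_kv 2025-01-01T00:00:00Z
fi
```

Because the events are already `key=value` pairs, Splunk's default search-time field extraction can pick up `pid`, `user`, `pcpu` and the rest without custom extractions.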

 

GustavMahler
Explorer

Thanks for the answer.  I am just curious if there is a way to monitor a Linux server through Splunk without apps or add-ons from Splunkbase.
