Splunk Cloud Platform

Is there a way to monitor a Linux server with Splunk but without any use of apps or plugins from Splunkbase?

GustavMahler
Explorer

I am new to Splunk and did some fundamental courses to understand the platform. I have this question and would like to know if this is possible. I want to monitor a Linux server (CPU usage, disk usage, RAM usage and network metrics) with Splunk. I know there are a lot of apps available on Splunkbase. But I want to know if there is a way to just use Splunk without the need of any other apps from Splunkbase to accomplish this objective?

0 Karma
1 Solution

Richfez
SplunkTrust

Absolutely!

You do know that apps on Splunkbase really are just a set of configurations, right?  You can write your own configurations - extractions, parsing, data collection inputs, etc... - to do all this yourself.

I heartily recommend against it though.  There are a LOT of gotchas and the details are fiddly and there's a lot of room for making it brittle or just plain wrong at times.  So there's a reason that those apps exist - to compile together some of the best, most tested ways to do it.

But for one-off or simple cases, sure.  Write a modular input that collects the output of the *nix "ps" command, and write a sourcetype for it to parse it correctly.  Or write a shell script that you run on a cron that massages the output of "ps" into something easier to work with (kv pairs come to mind) and then dump it to a file that you use a batch/sinkhole input on to grab.

Or, just install the app from Splunkbase and cut out 98.7% of the hard work by using someone else's tested configurations, inputs and whatnot for this job.

If I may ask - why do you want to avoid Splunkbase apps?
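
The cron-script approach from the answer above, as an added example that is not part of the original thread: `ps` rows become key=value events and are handed to a batch/sinkhole input. The spool and staging paths, the `linux_ps_kv` sourcetype and the script path are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Paths and the sourcetype are assumptions.
# Matching inputs.conf stanza on the forwarder:
#   [batch:///var/spool/splunk_ps]
#   move_policy = sinkhole
#   sourcetype = linux_ps_kv
# Cron entry (hypothetical install path):
#   * * * * * /usr/local/bin/ps_kv.sh run

SPOOL_DIR="${SPOOL_DIR:-/var/spool/splunk_ps}"        # directory the batch input reads
STAGE_DIR="${STAGE_DIR:-/var/spool/splunk_ps.stage}"  # same filesystem, not monitored

# Read header-less rows of "pid user pcpu pmem rss args..." on stdin and print
# one key=value event per process, each stamped with the timestamp in $1.
ps_to_kv() {
    awk -v ts="$1" '
    NF >= 6 {
        # Fields 6..NF are the command line; rejoin them into one value.
        cmd = $6
        for (i = 7; i <= NF; i++) cmd = cmd " " $i
        # Swap embedded double quotes for single quotes (\047) so the quoted
        # value cannot be closed early and smuggle extra key=value pairs.
        gsub(/"/, "\047", cmd)
        printf "%s pid=%s user=%s pcpu=%s pmem=%s rss_kb=%s cmd=\"%s\"\n",
               ts, $1, $2, $3, $4, $5, cmd
    }'
}

# Take one snapshot. The file is written in STAGE_DIR and then renamed into
# SPOOL_DIR, so the sinkhole input never reads (and deletes) a partial file.
# Note: "args" records full command lines, which can include secrets passed as
# arguments; use "comm=" instead if that is a concern on your hosts.
collect_ps() {
    ts=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    tmp=$(mktemp "$STAGE_DIR/ps.XXXXXX") || return 1
    if ps -eo pid=,user=,pcpu=,pmem=,rss=,args= | ps_to_kv "$ts" > "$tmp"; then
        mv "$tmp" "$SPOOL_DIR/ps_$(date -u +%Y%m%dT%H%M%S)_$$.log"
    else
        rm -f "$tmp"
        return 1
    fi
}

if [ "${1:-}" = "run" ]; then
    collect_ps
fi
```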

 

GustavMahler
Explorer

Thanks for the answer.  I am just curious if there is a way to monitor a Linux server through Splunk without apps or add-ons from Splunkbase.

0 Karma