Splunk ITSI
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

I have Splunk app for infrastructure installed, how can I monitor services with with Windows and Linux client machines?

qhmassc
Explorer
‎01-23-2019 11:54 AM

I have Splunk app for infrastructure installed, how can I monitor services with Windows and Linux client machines?

0 Karma
Reply

dagarwal_splunk
Splunk Employee
Splunk Employee
‎02-01-2019 10:49 AM

@qhmassc

For Linux/Unix, you can use collectd's "Processes" plugin and send processes metrics data to SAI.

Just update your collectd.conf file and add this plugin and restart collectd. You can find lot of info on how to add this plugin with a quick search.

Reply

qhmassc
Explorer
‎02-01-2019 10:58 AM

Thanks, I have processes plugin configured, and process "crond" is monitored, I can find crond process is listed in the Metrics. but how can I monitor this process is up and run? use ps_code, ps_rss...?

Thanks again.

0 Karma
Reply

dagarwal_splunk
Splunk Employee
Splunk Employee
‎02-01-2019 11:08 AM

Sorry, I didn't completely get your follow-up question.
I guess once you configure collectd.conf and add all the processes you want to monitor, you should be able to see it in SAI Analysis page and you can monitor like setting up alerts?

0 Karma
Reply

dagarwal_splunk
Splunk Employee
Splunk Employee
‎02-01-2019 11:39 AM

I tried it and understand your question now.

0 Karma
Reply

dagarwal_splunk
Splunk Employee
Splunk Employee
‎02-01-2019 11:42 AM

What I found is that when I stopped the process that I was monitoring , all the values like
name.ps_code/ps_data etc becomes 0 from positive value.

Maybe set an alert on any of this value to monitor it?

0 Karma
Reply

pwu_splunk
Splunk Employee
Splunk Employee
‎01-24-2019 04:12 PM

If you're referring to metric collection, when you click on the Add Data page, there will be a set of tabs on the left that lists the different types of client machines that you can collect from. Each tab has further information on how to collect data from that machine type. For further information, you can refer to this link [1].

If you're referring to the service concept in Splunk (e.g. [2]), SII does not support this at this time...

If you're referring to OS services / processes, you can refer to vishaltaneja07011993's answer.

[1] https://docs.splunk.com/Documentation/InfraApp/1.2.2/Admin/AddData
[2] https://docs.splunk.com/Documentation/ITSI/4.1.0/Configure/CreateService

0 Karma
Reply

vishaltaneja070
Motivator
‎01-23-2019 11:42 PM

Hello @qhmassc

For Monitoring Windows services, there is no need of any app. Directly use the below link which can help to monitor windows service:

https://www.splunk.com/blog/2014/05/30/monitoring-windows-service-state-history.html

And in Linux we need to monitor processes , so for you can use Splunk App for Linux and Unix. This supports a ps data input which you can use to monitor processes.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...