Splunk Search

Can you help me figure out what I'm doing wrong with my Base Collectd Configuration for a lab?

daniel333
Builder

All,

I am not able to get collectD metrics to appear on my Splunk stand alone instance.

I am setting up CollectD in my lab as recommended by our support engineer to replace Splunk for Nix eventually in prod. COMPLETELY new to this. I stole this config from the Splunk configuring collectd guide:

http://docs.splunk.com/Documentation/Splunk/7.2.0/Metrics/GetMetricsInCollectd#Configure_collectd

I have one box with everything on it including HEC.

LoadPlugin write_http
<Plugin write_http>
    <Node "node1">
        URL "https://localhost:8088/services/collector/raw"
        Header "Authorization: Splunk a31e3e37-4324-4219-8685-ce647c5be74d"
        Format "JSON"
        VerifyPeer false
        VerifyHost false
        Metrics true
        StoreRates true
    </Node>
</Plugin>

LoadPlugin cpu
<Plugin cpu>
  ReportByCpu true
</Plugin>

LoadPlugin interface

LoadPlugin syslog

LoadPlugin load
<Plugin load>
    ReportRelative true
</Plugin>

<Plugin logfile>
    LogLevel info
    File "/var/log/collectd.log"
    Timestamp true
    PrintSeverity false
</Plugin>

Include "/etc/collectd.d"

I don't think it's my HEC configuration as I can use this bash script I found to post collectD metrics to my metrics index without issue.

curl -k https://localhost:8088/services/collector/raw?sourcetype=collectd_http   \
-H "Authorization: Splunk a31e3e37-4324-4219-8685-ce647c5be74d"                                      \
-d '[{"values":[164.9196798931339196],"dstypes":["derive"],"dsnames":["value"],"time":1541268208.894,"interval":10.000,"host":"collectd","plugin":"protocols","plugin_instance":"IpExt","type":"protocol_counter","type_instance":"InOctets"}]'

So I think I must be doing something wrong with my collectd.conf file. But everything looks good as far as I know. Anything jumping out as a problem here to anyone?

EDIT - I just noticed that when I restart collectd, I get this message:

[root@splunkes administrator]# systemctl status collectd
● collectd.service - Collectd statistics daemon
   Loaded: loaded (/usr/lib/systemd/system/collectd.service; disabled; vendor preset: disabled)
   Active: active (running) since Sat 2018-11-03 22:47:20 UTC; 2s ago
     Docs: man:collectd(1)
           man:collectd.conf(5)
 Main PID: 14295 (collectd)
   CGroup: /system.slice/collectd.service
           └─14295 /usr/sbin/collectd

Nov 03 22:47:21 splunkes collectd[14295]: Available write targets: [none]
Nov 03 22:47:21 splunkes collectd[14295]: Available write targets: [none]
Nov 03 22:47:21 splunkes collectd[14295]: Available write targets: [none]
Nov 03 22:47:21 splunkes collectd[14295]: Available write targets: [none]
Nov 03 22:47:21 splunkes collectd[14295]: Available write targets: [none]
Nov 03 22:47:21 splunkes collectd[14295]: Available write targets: [none]
Nov 03 22:47:21 splunkes collectd[14295]: Available write targets: [none]
Nov 03 22:47:21 splunkes collectd[14295]: Available write targets: [none]
Nov 03 22:47:21 splunkes collectd[14295]: Available write targets: [none]
Nov 03 22:47:21 splunkes collectd[14295]: Available write targets: [none]
[root@splunkes administrator]# date
Sat Nov  3 22:47:29 UTC 2018
[root@splunkes administrator]#

philip_w
Explorer

same here....
Anyone knows what's the problem?

0 Karma

swissgato
New Member

same issue...

0 Karma
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...