Splunk Tech Talks
Deep-dives for technical practitioners.
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
New Article

Get Monitoring Tricks for All Your *nix Part 1

melissap
Splunk Employee
Splunk Employee
‎06-14-2020 03:31 PM

View our first IT Edition Tech Talk, Get Monitoring Tricks for All Your *nix Part 1  to see an introduction to the *nix Technical Add-on (TA), showing you how you can gain rapid insights and operational visibility into Unix and Linux environments. 

Get Monitoring Tricks for All Your *nix Part 1
Current Time 0:00
Duration 0:00
Loaded: 0%
Stream Type LIVE
Remaining Time 0:00
 
1x
    • Chapters
    • descriptions off, selected
    • captions off, selected
      (view in My Videos)



      Tune in for:

      • An introduction to the TA
      • A walk through demo showing set-up and available out-of-the-box content

      Check out our *nix conversations in Splunk Answers community for more!

      0 Karma
      4 Comments
      melissap
      Splunk Employee
      Splunk Employee
      ‎07-06-2020 06:36 AM

      Hey everyone! We had some great questions during this Tech Talk in June. 

      Recapping for all!

      Q: What is the difference between this add-on and the Splunk app\ add-on for Infrastructure which also includes Linux \ Unix monitoring?
      A: This TA collects data via shell scripts, and creates Splunk events. The add for infrastructure collects data via a collected agent and the data lands in Splunk as a metric.
       
      Q: Does the Nix TA put performance data into a metrics type index?
      A: This nix TA puts data into a Splunk index as an event, not a metric.
       
      Q: So should we move this data to the index of our choice or should we keep it in main?
      A: It's best to move this data to an index of your choice.
       
      Q: So we would do that in the input.conf of the Splunk_nix_ta folder. Correct?
      A: Correct! When you create the inputs.conf in your local folder, make sure to include the index=[your index] field under each input stanza.
       
      Q: When we refer pctCPU, how do we segregate if it's for 1 core or 12 core or 24 core?
      A: The cpu data comes in with one event per core, and another event that is an aggregate of all cores. 
      0 Karma
      melissap
      Splunk Employee
      Splunk Employee
      ‎07-06-2020 06:37 AM

      Here are all the follow up materials from the webinar. Enjoy!

      • Documentation –

      Data Collection

      Script Compatibility

      Sourcetypes

      Deployment

       

      0 Karma
      zpravaiz
      Loves-to-Learn
      ‎07-06-2020 11:14 PM

      Hi, I cannot register with these tech talks as drop-down fields show no data.  How can I access these talks?

      0 Karma
      melissap
      Splunk Employee
      Splunk Employee
      ‎07-07-2020 06:16 AM

      Hi @zpravaiz - In the drop down for Select Your Session - check mark OnDemand and then submit, you will then be given the link to the ondemand version. Thanks!

      0 Karma
      Get Updates on the Splunk Community!

      Fueling your curiosity with new Splunk ILT and eLearning courses

      At Splunk Education, we’re driven by curiosity—both ours and yours! That’s why we’re committed to delivering ...

      Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

      Splunk AI Assistant for SPL has transformed how users interact with Splunk, making it easier than ever to ...

      Unleash Unified Security and Observability with Splunk Cloud Platform

           Now Available on Microsoft AzureOn Demand Now Step boldly into the AI revolution with enhanced security ...
      Top