Splunk Tech Talks
Deep-dives for technical practitioners.
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
New Article

Get Monitoring Tricks for All Your *nix Part 1

melissap
Splunk Employee
Splunk Employee
‎06-14-2020 03:31 PM

View our first IT Edition Tech Talk, Get Monitoring Tricks for All Your *nix Part 1  to see an introduction to the *nix Technical Add-on (TA), showing you how you can gain rapid insights and operational visibility into Unix and Linux environments. 

Get Monitoring Tricks for All Your *nix Part 1
Current Time 0:00
Duration 0:00
Loaded: 0%
Stream Type LIVE
Remaining Time 0:00
 
1x
    • Chapters
    • descriptions off, selected
    • captions off, selected
      (view in My Videos)



      Tune in for:

      • An introduction to the TA
      • A walk through demo showing set-up and available out-of-the-box content

      Check out our *nix conversations in Splunk Answers community for more!

      0 Karma
      4 Comments
      melissap
      Splunk Employee
      Splunk Employee
      ‎07-06-2020 06:36 AM

      Hey everyone! We had some great questions during this Tech Talk in June. 

      Recapping for all!

      Q: What is the difference between this add-on and the Splunk app\ add-on for Infrastructure which also includes Linux \ Unix monitoring?
      A: This TA collects data via shell scripts, and creates Splunk events. The add for infrastructure collects data via a collected agent and the data lands in Splunk as a metric.
       
      Q: Does the Nix TA put performance data into a metrics type index?
      A: This nix TA puts data into a Splunk index as an event, not a metric.
       
      Q: So should we move this data to the index of our choice or should we keep it in main?
      A: It's best to move this data to an index of your choice.
       
      Q: So we would do that in the input.conf of the Splunk_nix_ta folder. Correct?
      A: Correct! When you create the inputs.conf in your local folder, make sure to include the index=[your index] field under each input stanza.
       
      Q: When we refer pctCPU, how do we segregate if it's for 1 core or 12 core or 24 core?
      A: The cpu data comes in with one event per core, and another event that is an aggregate of all cores. 
      0 Karma
      melissap
      Splunk Employee
      Splunk Employee
      ‎07-06-2020 06:37 AM

      Here are all the follow up materials from the webinar. Enjoy!

      • Documentation –

      Data Collection

      Script Compatibility

      Sourcetypes

      Deployment

       

      0 Karma
      zpravaiz
      Loves-to-Learn
      ‎07-06-2020 11:14 PM

      Hi, I cannot register with these tech talks as drop-down fields show no data.  How can I access these talks?

      0 Karma
      melissap
      Splunk Employee
      Splunk Employee
      ‎07-07-2020 06:16 AM

      Hi @zpravaiz - In the drop down for Select Your Session - check mark OnDemand and then submit, you will then be given the link to the ondemand version. Thanks!

      0 Karma
      Get Updates on the Splunk Community!

      Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

      This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

      Splunk Community Badges!

        Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

      What You Read The Most: Splunk Lantern’s Most Popular Articles!

      Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
      Top