×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
dagarwal_splunk
Splunk Employee
Member since: ‎07-30-2018
‎02-09-2021
Community Statistics
Posts 126
Solutions 9
Karma Given 1
Karma Received 28
Member Since ‎07-30-2018
Activity Feed
Topics I've Started
No posts to display.
View All

Re: Splunk Insights for Infrastructure download li...

by Splunk Employee in Splunk ITSI
‎05-27-2020 02:46 PM
‎05-27-2020 02:46 PM
yes .. discontinued.. ... View more

Re: Splunk Insights for Infrastructure download li...

by Splunk Employee in Splunk ITSI
‎05-27-2020 02:20 PM
‎05-27-2020 02:20 PM
You will have to use Splunk App for Infrastructure: https://splunkbase.splunk.com/app/3975/ ... View more

Re: Splunk App for Infrastructure : entities still...

by Splunk Employee in All Apps and Add-ons
‎05-06-2020 10:13 AM
‎05-06-2020 10:13 AM
I will upgrade Splunk and SAI both. Splunk 7.1.x has some Windows metrics issues (upgrade to 7.2 or later). ... View more

Re: Splunk app for Infrastructure overview shows "...

by Splunk Employee in All Apps and Add-ons
‎05-06-2020 10:10 AM
1 Karma
‎05-06-2020 10:10 AM
1 Karma
For Windows, Do you have "_meta = entity_type::Windows_Host" in UF Perfmon inputs.conf stanza? ... View more

Re: Splunk App for Infrastructure : entities still...

by Splunk Employee in All Apps and Add-ons
‎04-30-2020 10:51 AM
‎04-30-2020 10:51 AM
Check if you see any error or failed messages in logs: index="_internal" ... View more

Re: Splunk App for Infrastructure : entities still...

by Splunk Employee in All Apps and Add-ons
‎04-29-2020 02:33 PM
‎04-29-2020 02:33 PM
You need to increase the "monitoring_calculation_window" for in "collectors.conf" and restart Splunk. If its Linux entity - increase the "os" stanza For Windows - increase the "perfmon" stanza Data is coming every 5 minutes (300 sec), I will keep the value between 450 to 600. This will make sure that SAI searches last 450-600 sec in past for the latest data. ... View more

Re: SAI - Windows entity does not show up

by Splunk Employee in All Apps and Add-ons
‎04-22-2020 10:31 AM
‎04-22-2020 10:31 AM
You need Processor.* metrics for Windows entity discovery. Are they disabled in your inputs.conf. monitoring_calculation_window is how many seconds to look in past for the new entity. It was set to 90 sec. If there is some data lag of more than 90 sec, entity won't be discovered. Solution is to increase this number if not working for you. ... View more

Re: SAI - Windows entity does not show up

by Splunk Employee in All Apps and Add-ons
‎04-21-2020 07:57 AM
‎04-21-2020 07:57 AM
Can you answer some questions: Do you see Processor.* metrics for your Windows hosts? For this search on windows host, what is latest timestamp with data? (last data was 1min , 2min or 3min ago when you run the search? 😞 | mstats avg(_value) WHERE metric_name=Processor.%_Idle_Time AND index=em_metrics AND host=mywindows* span=30s What version of SAI do you have? ... View more

Re: SAI - Windows entity does not show up

by Splunk Employee in All Apps and Add-ons
‎04-20-2020 09:05 AM
1 Karma
‎04-20-2020 09:05 AM
1 Karma
Increase the "monitoring_calculation_window" for "perfmon" in collectors.conf to something like 300 and restart Splunk ... View more

Re: Using a splunk add-on for infrastucture for a ...

by Splunk Employee in All Apps and Add-ons
‎04-16-2020 12:53 PM
‎04-16-2020 12:53 PM
If you are using Splunk Add-on for Linux and Unix, it has to be converted to metrics format using props.conf and transforms.conf and then indexed to Splunk's metrics index. ... View more

Re: Using a splunk add-on for infrastucture for a ...

by Splunk Employee in All Apps and Add-ons
‎04-16-2020 12:44 PM
‎04-16-2020 12:44 PM
Where did you put your collectd.conf file that you mentioned ..? ... View more

Re: Using a splunk add-on for infrastucture for a ...

by Splunk Employee in All Apps and Add-ons
‎04-16-2020 12:41 PM
‎04-16-2020 12:41 PM
I meant Splunk UF do not forward metrics for linux machines. It does forward both logs and metrics for windows. ... View more

Re: Using a splunk add-on for infrastucture for a ...

by Splunk Employee in All Apps and Add-ons
‎04-16-2020 12:38 PM
‎04-16-2020 12:38 PM
There are two types of data collected: Logs & Metrics. Windows : Logs --> Splunk UF Windows : Metrics -->Splunk UF (perfmon inputs.conf) Linux: Logs --> Splunk UF (same as Windows) Linux: Metrics --> Collectd Metrics is required for entity discovery in SAI. ... View more

Re: Using a splunk add-on for infrastucture for a ...

by Splunk Employee in All Apps and Add-ons
‎04-16-2020 12:29 PM
‎04-16-2020 12:29 PM
hi, You are mixing up windows and linux data collection. "perfmon" inputs in UF is only for Windows metrics. You need to have "collectd" installed for Linux metrics. Splunk UF only forwards logs for Linux machines. What version of collectd do you have? Also, you don't need SAI add-on on UF. ... View more

Re: Entities not displayed in Splunk App for Infra...

by Splunk Employee in All Apps and Add-ons
‎03-18-2020 12:59 PM
‎03-18-2020 12:59 PM
That might be due to data lag.. Fix the lag or increase the monitoring window further.. ... View more

Re: Entities not displayed in Splunk App for Infra...

by Splunk Employee in All Apps and Add-ons
‎03-17-2020 04:10 PM
‎03-17-2020 04:10 PM
Not a big issue.. SAI just adds some extra dimensions like os_version and it could not find it for your machine.. You can also add it in collectd.conf manually if you really need it. ... View more

Re: Entities not displayed in Splunk App for Infra...

by Splunk Employee in All Apps and Add-ons
‎03-17-2020 04:07 PM
‎03-17-2020 04:07 PM
SAI was looking 90sec in past to see if any new entities was found. For some reason, your Machine 2 and Machine 3 has data lag of more than 90 sec. That's why we doubled the time to 180sec. You can keep it at 180s without issues. It shows inactive when it didn't see any new data in the monitoring window.. Maybe figure why there is lag as well and fix it as well... ... View more

Re: Entities not displayed in Splunk App for Infra...

by Splunk Employee in All Apps and Add-ons
‎03-17-2020 01:53 PM
‎03-17-2020 01:53 PM
This might be due to lag in data coming in .. Can you try to update collectors.conf in SAI? Change the "monitoring_calculation_window" to 180 for "os" and restart Splunk.. ... View more

Re: Entities not displayed in Splunk App for Infra...

by Splunk Employee in All Apps and Add-ons
‎03-17-2020 01:14 PM
‎03-17-2020 01:14 PM
Metrics data is sent by collectd not UF for Linux machines.. So, I guess you ran the "Add Data" script on 3 machines and you only see 1 entity. But, you have metrics data from all 3 machines? ... View more

Re: Entities not displayed in Splunk App for Infra...

by Splunk Employee in All Apps and Add-ons
‎03-16-2020 04:49 PM
‎03-16-2020 04:49 PM
you do have metrics data in Splunk.. what version of SAI do you have? Do you have any entities in SAI? ... View more

Re: Entities not displayed in Splunk App for Infra...

by Splunk Employee in All Apps and Add-ons
‎03-16-2020 09:47 AM
‎03-16-2020 09:47 AM
What are the search results for Step 2? ... View more

Re: Adding dimensions to my entities in Splunk App...

by Splunk Employee in All Apps and Add-ons
‎03-10-2020 02:58 PM
‎03-10-2020 02:58 PM
You want to add custom dimensions for each entity after it is discovered in SAI? Manually/Automatically? Based on any field like host? ... View more

Re: Monitoring Processes using metrics and SAI

by Splunk Employee in All Apps and Add-ons
‎02-26-2020 02:35 PM
‎02-26-2020 02:35 PM
The Overview dashboard for process looks only last 5 minutes for all the metrics. You can also look into "Analysis" page to see the graphs for the process metrics. Here you can also split by dimensions like pid, process_name etc.. and set alerts as well. Right now, you cannot set alert on SAI for process stopped/not running. Alerts won't fire when data stop coming for a particular process. ... View more

Re: Monitoring Processes using metrics and SAI

by Splunk Employee in All Apps and Add-ons
‎02-26-2020 11:02 AM
‎02-26-2020 11:02 AM
All the other ids are for the top processes that you might have started for a short time in the past and stopped.. ... View more

Re: Monitoring Processes using metrics and SAI

by Splunk Employee in All Apps and Add-ons
‎02-26-2020 10:45 AM
‎02-26-2020 10:45 AM
Are you using SAI's collectd processmon plugin? How are you getting those process data? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎02-09-2021 01:52 PM
Karma given to
View All