Hi,
I have been looking at network tools such as PRTG, Zabbix, etc. to do weekly reports on Windows servers and a few in-house apps. None of them can do what I want without some heavy customizations.
I found Splunk by chance. I have already installed Splunk Light and have a couple of Windows servers forwarding Application and System events as well as text logs from our apps. Already I can see the possibilities.
I am wondering if anyone can provide me with some answers:
As mentioned before, the goal right now is to do weekly reporting and not necessarily active monitoring.
What I want to report on:
When a server's CPU usage goes over 80% for more than 20 seconds, record that event, adding the top 5 processes using the most CPU in that time period. Is this possible? I understand that a query might return perfmon counters that can be filtered with the above conditions, but I am not sure if it can include the top processes. Can this be offloaded to a PowerShell script and appended to the report?
Same questions but for Network and Memory utilization.
As mentioned before, I added a custom log file into the universal forwarder. This log file is regularly rolled over. The file name to be monitored will always be "file.log"; after it gets to a certain size, it will be backed up and renamed to file.log.1. My question: does Splunk understand when the file it's monitoring is being moved and then recreated? Is there a chance of missing new data (lines) during rollovers?
Thanks!