Ultimately you need the memory usage information to appear in a log on the server so that Splunk can work with it. If you don't have a log with this information, then you will have to generate it yourself, either by installing monitoring software or by running a scripted input.

One potential solution would be to run a scripted input on each Linux server, which indexes the result of the "free -m" command (perhaps with a grep to get a single line). To do this, make an app or modify an app that is deployed to your Linux servers.

Here is the stanza for the inputs.conf of the app (insert app name, index, interval, and sourcetype name below):

[script://$SPLUNK_HOME/etc/apps/<appName>/bin/getmem.sh]
disabled = false
index = ????
interval = 60
sourcetype = ????

Here is the code for the script (save to $SPLUNK_HOME/etc/apps/<appname>/bin/getmem.sh):

#!/bin/bash
free -m | grep "Mem"
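A variant of the getmem.sh idea above, as an added example that is not part of the original answer: it turns the "Mem:" row of `free -m` into one timestamped key=value event, which Splunk's default search-time key=value extraction can turn into fields. The function name `format_mem` and the `mem_*` field names are assumptions chosen for illustration.

```shell
#!/bin/bash
# Added example, not from the original answer. format_mem and the mem_* field
# names are illustrative assumptions.

# Read `free -m` output on stdin and print one key=value line for the Mem: row.
# Column names come from the header row, so both procps layouts work
# ("buffers cached" on older systems, "buff/cache available" on newer ones).
# Returns non-zero when no Mem: row is found, so nothing malformed is emitted.
format_mem() {
    awk '
        NR == 1 { for (i = 1; i <= NF; i++) col[i] = $i; next }
        $1 == "Mem:" {
            out = ""
            for (i = 2; i <= NF; i++) {
                name = col[i - 1]
                gsub(/[^A-Za-z0-9]/, "_", name)   # buff/cache -> buff_cache
                out = out (out == "" ? "" : " ") sprintf("mem_%s_mb=%s", name, $i)
            }
            if ($2 > 0) out = out sprintf(" mem_used_pct=%.1f", 100 * $3 / $2)
            print out
            found = 1
        }
        END { if (!found) exit 1 }
    '
}

# Scripted-input body: emit one event per run, prefixed with a UTC timestamp.
# LC_ALL=C keeps the "Mem:" label stable on hosts with a non-English locale.
if command -v free >/dev/null 2>&1; then
    if line=$(LC_ALL=C free -m | format_mem); then
        printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$line"
    fi
fi
```

The inputs.conf stanza from the answer works unchanged with this script; scripted inputs run with the privileges of the Splunk process, so keep the script owned by that account and not writable by other users.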