All Apps and Add-ons

How to collect CPU and Memory logs from a Unix forwarder?

srisahitya_v
Communicator

How can I collect CPU and Memory usage logs from unix forwarder?

I have Unix indexer and Unix forwarder. Both have connection. NMON and nix **apps* for Unix are not satisfying my problem.
So I want to create a dashboard to analyze CPU utilization and memory consumption of these two Unix boxes.

thanks in advance.

0 Karma
1 Solution

koshyk
Super Champion

Use "Splunk_TA_nix" app. It won't be collecting from file, but rather as scripted input.
- create a local directory within this app and create inputs.conf
- Open a copy of defaults/inputs.conf and check which all items you want to extract
- Then copy exact same paragraph into "local/inputs.conf" and put an entry disabled = 0

#Within Splunk_TA_nix/local/inputs.conf
[script://./bin/vmstat.sh]
disabled = 0
[script://./bin/top.sh]
disabled = 0

and so on...

View solution in original post

0 Karma

koshyk
Super Champion

Use "Splunk_TA_nix" app. It won't be collecting from file, but rather as scripted input.
- create a local directory within this app and create inputs.conf
- Open a copy of defaults/inputs.conf and check which all items you want to extract
- Then copy exact same paragraph into "local/inputs.conf" and put an entry disabled = 0

#Within Splunk_TA_nix/local/inputs.conf
[script://./bin/vmstat.sh]
disabled = 0
[script://./bin/top.sh]
disabled = 0

and so on...

0 Karma

mendesjo
Path Finder

Which app? Is this an add on for the normal agent?

0 Karma

richgalloway
SplunkTrust
SplunkTrust

The Splunk App for Unix will do that.

---
If this reply helps you, Karma would be appreciated.
0 Karma

srisahitya_v
Communicator

I used NMON and *nix but i didn't get results. do you know where (in which path) these logs are stay.

0 Karma

guilmxm
SplunkTrust
SplunkTrust
0 Karma

richgalloway
SplunkTrust
SplunkTrust

NMON does not collect CPU or Memory data.
The *nix app runs scripts on the Linux boxes to collect performance data and forward it to Splunk. You must first enable the desired scripts from the app's UI. The data is stored only in Splunk indexers, not on the monitored systems.

---
If this reply helps you, Karma would be appreciated.
0 Karma

guilmxm
SplunkTrust
SplunkTrust

@ruchgalloway
This is totally wrong, Nmon Perf app collects much more perf metric *nix App will ever do, including CPU and Memory

Data is generated on UF and indexed within Splunk, the Nmon app provides various interfaces to analyse perf of systems. You should give a try -:)

0 Karma

richgalloway
SplunkTrust
SplunkTrust

I thought the OP was referring to the Linux nmon program, which scans networks for open ports.

---
If this reply helps you, Karma would be appreciated.
0 Karma

guilmxm
SplunkTrust
SplunkTrust

No problem 😉

I guess you mean "nmap"

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Yes, that is what I was thinking of.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...