All Apps and Add-ons

How to collect CPU and Memory logs from a Unix forwarder?

srisahitya_v
Communicator

How can I collect CPU and Memory usage logs from unix forwarder?

I have Unix indexer and Unix forwarder. Both have connection. NMON and nix **apps* for Unix are not satisfying my problem.
So I want to create a dashboard to analyze CPU utilization and memory consumption of these two Unix boxes.

thanks in advance.

0 Karma
1 Solution

koshyk
Super Champion

Use "Splunk_TA_nix" app. It won't be collecting from file, but rather as scripted input.
- create a local directory within this app and create inputs.conf
- Open a copy of defaults/inputs.conf and check which all items you want to extract
- Then copy exact same paragraph into "local/inputs.conf" and put an entry disabled = 0

#Within Splunk_TA_nix/local/inputs.conf
[script://./bin/vmstat.sh]
disabled = 0
[script://./bin/top.sh]
disabled = 0

and so on...

View solution in original post

0 Karma

koshyk
Super Champion

Use "Splunk_TA_nix" app. It won't be collecting from file, but rather as scripted input.
- create a local directory within this app and create inputs.conf
- Open a copy of defaults/inputs.conf and check which all items you want to extract
- Then copy exact same paragraph into "local/inputs.conf" and put an entry disabled = 0

#Within Splunk_TA_nix/local/inputs.conf
[script://./bin/vmstat.sh]
disabled = 0
[script://./bin/top.sh]
disabled = 0

and so on...

0 Karma

mendesjo
Path Finder

Which app? Is this an add on for the normal agent?

0 Karma

richgalloway
SplunkTrust
SplunkTrust

The Splunk App for Unix will do that.

---
If this reply helps you, Karma would be appreciated.
0 Karma

srisahitya_v
Communicator

I used NMON and *nix but i didn't get results. do you know where (in which path) these logs are stay.

0 Karma

guilmxm
Influencer
0 Karma

richgalloway
SplunkTrust
SplunkTrust

NMON does not collect CPU or Memory data.
The *nix app runs scripts on the Linux boxes to collect performance data and forward it to Splunk. You must first enable the desired scripts from the app's UI. The data is stored only in Splunk indexers, not on the monitored systems.

---
If this reply helps you, Karma would be appreciated.
0 Karma

guilmxm
Influencer

@ruchgalloway
This is totally wrong, Nmon Perf app collects much more perf metric *nix App will ever do, including CPU and Memory

Data is generated on UF and indexed within Splunk, the Nmon app provides various interfaces to analyse perf of systems. You should give a try -:)

0 Karma

richgalloway
SplunkTrust
SplunkTrust

I thought the OP was referring to the Linux nmon program, which scans networks for open ports.

---
If this reply helps you, Karma would be appreciated.
0 Karma

guilmxm
Influencer

No problem 😉

I guess you mean "nmap"

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Yes, that is what I was thinking of.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Splunk Community Platform Survey

Hey Splunk Community, Starting today, the community platform may prompt you to participate in a survey. The ...

Observability Highlights | November 2022 Newsletter

 November 2022Observability CloudEnd Of Support Extension for SignalFx Smart AgentSplunk is extending the End ...

Avoid Certificate Expiry Issues in Splunk Enterprise with Certificate Assist

This blog post is part 2 of 4 of a series on Splunk Assist. Click the links below to see the other ...