I am running two home servers (one remote, one local). I have both the UNIX app and the NMON app installed, but I am not sure of the benefits of both. I like the NMON app for its easy dashboard, but I'm wondering if the UNIX app is providing more functionality that I just don't know about.
Is there a comparison and contrast between the two? Is there any reason I should choose one over the other? Is there a benefit to using both, or am I just duplicating collected data?
I did search but I haven't come up with much.
Hello !
That's an interesting question.
I am the author of the Nmon Splunk App, and i will to try to answer as objective as possible 🙂
First, thank you using the Nmon App, and thank you for your interest over my work.
The first thing to underline in my opinion, is that the Unix App is built and maintained by Splunk, when the Nmon App is fully Open source (published under the Apache 2 licence) and community supported.
Beyond this, i don't feel both App like being necessary in concurrency, i won't speak for Unix App (maybe other people will), but i can speak for mine.
I have built the Application based on my own experience in Unix System Capacity Planning and Performance, Nmon is a great "all in one" opensource performance monitor well known in big companies, notably companies using IBM PSeries systems (AIX and Power Linux)
This power-full tool is very simple to use (a simple pre-compiled C binary), and has an incredibly huge number of performance monitors which covers almost every performance aspect for AIX, Linux and also Solaris systems with a derived project that uses the same behavior.
Many tools or Application will never have that richness of metrics.
Nmon can be used for real time monitoring in terminal, and also in a mode where it will write in a specific csv format every performance monitor measure all along it's run.
This is a key feature many companies use to generate Nmon file of their systems, and then store them in a centralized share for cold and large analysis. This is Capacity Planning and Performance.
The Nmon App intends to join the great power of Splunk with Nmon, my experience learned me that a good Application must be easy to used and must go quickly to the essential, this is what i have tried to do with the App.
I spend a lot of time building Splunk interfaces and applications for various operational engineers, this is very instructive in what people may expect from our Applications.
I think we can mention notably 2 key features of the Nmon App:
So to summarize, a company that already has Nmon files collect in place (and they are many) have also probably difficulties having tools able to valorise these data, notably for long term and massive Analysis.
This is where Splunk's power, architecture , functionalities, interfaces and so on is a great and definitive advantage.
Nmon is very well known in AIX world, and also more and more in Linux systems.
And companies or people looking for easy to deploy and maintain Splunk App to collect performance data from their Unix systems will also take great advantages of the App.
The graphical Application itself is tries to exploit as much as possible Splunk functionality, and as much as possible the richness of Nmon.
I do not think this is duplicating data itself, but indeed common standard monitors can be redundant.
It not easy to sum up in a few words all you can do with the App, but the data, interfaces, conversion tools and so on are open, free to modify... once the data is in the system it's easy to any Splunker to build its own dashboards and interfaces.
As a conclusion, i would say that having is the choice is always a cool thing, and every one must have the liberty to choose 🙂
Again thank for your interest, if you have any comment or problem to report, don't hesitate.
And off course, don't forget to rate the App if you like 🙂
Guilhem
Hello !
That's an interesting question.
I am the author of the Nmon Splunk App, and i will to try to answer as objective as possible 🙂
First, thank you using the Nmon App, and thank you for your interest over my work.
The first thing to underline in my opinion, is that the Unix App is built and maintained by Splunk, when the Nmon App is fully Open source (published under the Apache 2 licence) and community supported.
Beyond this, i don't feel both App like being necessary in concurrency, i won't speak for Unix App (maybe other people will), but i can speak for mine.
I have built the Application based on my own experience in Unix System Capacity Planning and Performance, Nmon is a great "all in one" opensource performance monitor well known in big companies, notably companies using IBM PSeries systems (AIX and Power Linux)
This power-full tool is very simple to use (a simple pre-compiled C binary), and has an incredibly huge number of performance monitors which covers almost every performance aspect for AIX, Linux and also Solaris systems with a derived project that uses the same behavior.
Many tools or Application will never have that richness of metrics.
Nmon can be used for real time monitoring in terminal, and also in a mode where it will write in a specific csv format every performance monitor measure all along it's run.
This is a key feature many companies use to generate Nmon file of their systems, and then store them in a centralized share for cold and large analysis. This is Capacity Planning and Performance.
The Nmon App intends to join the great power of Splunk with Nmon, my experience learned me that a good Application must be easy to used and must go quickly to the essential, this is what i have tried to do with the App.
I spend a lot of time building Splunk interfaces and applications for various operational engineers, this is very instructive in what people may expect from our Applications.
I think we can mention notably 2 key features of the Nmon App:
So to summarize, a company that already has Nmon files collect in place (and they are many) have also probably difficulties having tools able to valorise these data, notably for long term and massive Analysis.
This is where Splunk's power, architecture , functionalities, interfaces and so on is a great and definitive advantage.
Nmon is very well known in AIX world, and also more and more in Linux systems.
And companies or people looking for easy to deploy and maintain Splunk App to collect performance data from their Unix systems will also take great advantages of the App.
The graphical Application itself is tries to exploit as much as possible Splunk functionality, and as much as possible the richness of Nmon.
I do not think this is duplicating data itself, but indeed common standard monitors can be redundant.
It not easy to sum up in a few words all you can do with the App, but the data, interfaces, conversion tools and so on are open, free to modify... once the data is in the system it's easy to any Splunker to build its own dashboards and interfaces.
As a conclusion, i would say that having is the choice is always a cool thing, and every one must have the liberty to choose 🙂
Again thank for your interest, if you have any comment or problem to report, don't hesitate.
And off course, don't forget to rate the App if you like 🙂
Guilhem
thanks for your comprehensive answer. I'm also more inclined to use NMON app as it gives a much simpler overview.
@guilmxm , is there any way we can use "NMON" app can collect data from NMON logs rather than using TA (addon) in remote servers? We don't have forwarders in all remote machines, but using syslog.
@koshyk
In my knowledge, the answer is no, at least easily.
Nmon data is not a log file, it is a particular structured file (mostly tabular data with multi-headers, specific sections...) that needs pre-processing to enter Splunk indexing.
As such, it could not be read by Syslog or any external process, when using forwarders, the processing step is done locally by the forwarder and the resulting data is streamed to indexers.
Thus, an other way to use the application resides in external repositories of Nmon historical nmon files, the application can manage Nmon files out the box that would have been generated outside of Splunk, in this case Splunk (standalone instances, heavy forwarder or universal forwarders) watches for configured directory and will handle any new nmon data.
The limitation in central repositories will reside in being cold data only, the App can't manage Nmon files being continuously updated directly (this would result in numerous duplicates)
Real time data has to be managed by forwarders only
I now have a feature suggestion / enhancement:
On Linux, it's quite useless to show total memory usage, as Linux tries to cache as much as possible. On the memory detailed page, I see cached, memfree, etc, but I don't see active or committed memory. Can you add in more detailed memory stats, especially on the analyzer dashboard?
Hi, thanks for the suggestion, i will work on this for next release !
FYI, In the Linux Memory interface, you can activate buffers / cache / inactive monitors
Hi !
FYI, a new release V1.4.91 has been published today to improve Linux Memory analysis (both dedicated interface and Nmon Analyser UI)
Committed memory is not available in nmon output mode, i'm looking for the way to evaluate it based on existing monitors, if you have a suggestion don't hesitate 🙂
And if you suggestion to improve memory charts and so on, I'll be pleased
Guilhem
Thank you! The new update looks great and is exactly what I was looking for. It is very helpful now. Whereas I previously saw 80% memory usage, I can now see that 40%+ of that is cached and is nothing to worry about.
What a fast feedback 🙂 I'm pleased to hear this
Happy Splunking>
Thank you very much for your detailed answer! I would like to hear more about the UNIX app. From using both for 48 hours I can say that I find NMON to be much simpler and to encompass all the important parts of the system. The UNIX app, while very detailed, seems to me to be rather cumbersome to use.
As such, I have uninstalled the UNIX app and instead opted to index /var/log on my systems in conjunction with using your app.