Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

What are recommendations for monitoring information on a Linux server?

newbiesplunk
Path Finder
‎03-01-2015 05:29 PM

Hi,

I wish to monitor linux server info like number of CPU, processor, linux version etc in Splunk. What will be the recommended info to get from linux server and how do I do this? thks

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Gilberto_Castil
Splunk Employee
Splunk Employee
‎03-01-2015 06:30 PM

Your first step is to download and install the Splunk Universal Forwarder on the end point server that you wish to monitor. This is the preferred vehicle to read and upload data from your server to a Splunk Indexer. There are many types of helpful ways to figure out how to

  1. Install the Universal Forwarder and
  2. How to get data from Linux to a Splunk Indexer

To address your specific question, the best way to get started is to use the Splunk Add-on for Unix and Linux. This particular Add-on is configured on your the end point server that you wish to monitor. There is a detailed list of of the data obtained with this Add-on in the following link.

http://docs.splunk.com/Documentation/UnixAddOn/5.1.1/User/Whatdataarecollected

It is important to understand that the *NIX Add-on (above) is just part of the configuration of your Splunk Universal Forwarder. To complement the entire piece, you may want to use the Splunk App for Unix and Linux. This app is installed on your Splunk Indexer. This is documented in the following link.

http://docs.splunk.com/Documentation/UnixApp/5.0.1/User/AbouttheSplunkAppforUnix

I hope this helps,

-gc

View solution in original post

Reply
Solved! Jump to solution
Solution

Gilberto_Castil
Splunk Employee
Splunk Employee
‎03-01-2015 06:30 PM

Your first step is to download and install the Splunk Universal Forwarder on the end point server that you wish to monitor. This is the preferred vehicle to read and upload data from your server to a Splunk Indexer. There are many types of helpful ways to figure out how to

  1. Install the Universal Forwarder and
  2. How to get data from Linux to a Splunk Indexer

To address your specific question, the best way to get started is to use the Splunk Add-on for Unix and Linux. This particular Add-on is configured on your the end point server that you wish to monitor. There is a detailed list of of the data obtained with this Add-on in the following link.

http://docs.splunk.com/Documentation/UnixAddOn/5.1.1/User/Whatdataarecollected

It is important to understand that the *NIX Add-on (above) is just part of the configuration of your Splunk Universal Forwarder. To complement the entire piece, you may want to use the Splunk App for Unix and Linux. This app is installed on your Splunk Indexer. This is documented in the following link.

http://docs.splunk.com/Documentation/UnixApp/5.0.1/User/AbouttheSplunkAppforUnix

I hope this helps,

-gc

Reply
Get Updates on the Splunk Community!

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...

Adoption of Infrastructure Monitoring at Splunk

  Splunk's Growth Engineering team showcases one of their first Splunk product adoption-Splunk Infrastructure ...