If you've been looking for a way to get system performance metrics, this addon is my first attempt at building support for Hyperic SIGAR: http://splunkbase.splunk.com/apps/All/4.x/Add-On/app:SIGAR+Performance+Metrics+Add-on+for+Splunk
Here's basic info about the Performance Metrics Add-on:
This add-on lets you utilize the cross-platform SIGAR library for monitoring system performance. You must first download and build the latest source for SIGAR (1.7 trunk), which you can grab from https://github.com/hyperic/sigar . For your convenience, I've attached a linux build in the download.
For more on SIGAR, see http://sigar.hyperic.com/
To install, unpack package contents in $SPLUNK_HOME/etc/apps/
Make sure you've correctly built the python bindings for SIGAR. You can do this by first testing your system Python. Go to your Python shell and type "import sigar" - if you don't get any errors, then your Python bindings have been built correctly.
Splunk ships with its own version of Python. To ensure that Splunk uses the SIGAR bindings, either build SIGAR to install with Splunk's Python, or simply copy all the sigar files from your system's pythonX.x/dist-packages directory into $SPLUNK_HOME/lib/python2.6/site-packages/.
To test if Splunk's python can use Sigar, issue this command: "$SPLUNK_HOME/bin/splunk cmd python" and then at the Python prompt "import sigar".
This first version gives you an easy way to track system memory changes. Future revisions will track CPU metrics. The python script that sends this data to Splunk, sigar4splunk/bin/sigar-perf.py, already includes some data on filesystems. I will create reports based on this data - or you're welcome to try your hand at it.
Here's basic info about the Performance Metrics Add-on:
This add-on lets you utilize the cross-platform SIGAR library for monitoring system performance. You must first download and build the latest source for SIGAR (1.7 trunk), which you can grab from https://github.com/hyperic/sigar . For your convenience, I've attached a linux build in the download.
For more on SIGAR, see http://sigar.hyperic.com/
To install, unpack package contents in $SPLUNK_HOME/etc/apps/
Make sure you've correctly built the python bindings for SIGAR. You can do this by first testing your system Python. Go to your Python shell and type "import sigar" - if you don't get any errors, then your Python bindings have been built correctly.
Splunk ships with its own version of Python. To ensure that Splunk uses the SIGAR bindings, either build SIGAR to install with Splunk's Python, or simply copy all the sigar files from your system's pythonX.x/dist-packages directory into $SPLUNK_HOME/lib/python2.6/site-packages/.
To test if Splunk's python can use Sigar, issue this command: "$SPLUNK_HOME/bin/splunk cmd python" and then at the Python prompt "import sigar".
This first version gives you an easy way to track system memory changes. Future revisions will track CPU metrics. The python script that sends this data to Splunk, sigar4splunk/bin/sigar-perf.py, already includes some data on filesystems. I will create reports based on this data - or you're welcome to try your hand at it.