Content Pack for Monitoring Unix and Linux

This documentation does not apply to the most recent version of Content Pack for Monitoring Unix and Linux. For documentation on the most recent version, go to the latest release.

Data requirements for the Content Pack for Monitoring Unix and Linux

The IT Service Intelligence (ITSI) Content Pack for Monitoring Unix and Linux requires that you install the Splunk Add-on for Unix and Linux and configure it to collect and send data to your deployment.

While configuring the Splunk Add-on for Unix and Linux, use metrics-based indexes. Event indexes are also supported.

Prerequisite

First, install a universal forwarder on any host that you want to send data to your ITSI deployment. See About forwarding and receiving in the Splunk Enterprise Forwarding Data manual to learn how to install and configure universal forwarders.

Install the Splunk Add-on for Unix and Linux

Use the following table as a reference to install the Splunk Add-on for Unix and Linux on your deployment:

App                                Installation link    Search heads   Indexers   Forwarders
Splunk Add-on for Unix and Linux   Installation steps   x              x          x

For Linux systems, install the sysstat package to collect operating system data.

See What data the Splunk Add-on for Unix and Linux collects in the Deploy and Use Splunk Add-on for Unix and Linux manual for a reference of scripted and file inputs.

Configure the add-on to collect metrics data and send it to your Splunk deployment

Bandwidth data is ingested in the events index. The Splunk Add-on for Unix and Linux doesn't provide a metrics version of that source.

  1. Download the Splunk Add-on for Unix and Linux from Splunkbase.
  2. From a command shell, place the add-on in the $SPLUNK_HOME/etc/apps directory.
  3. Create an inputs.conf file in $SPLUNK_HOME/etc/apps/Splunk_TA_nix/local/. If this file already exists, merge the stanzas in the next step.
  4. Paste the following stanzas into the configuration file to generate the KPIs for the content pack:
    
    [script://./bin/bandwidth.sh]
    disabled = false
    index = os
      
    [script://./bin/cpu_metric.sh]
    disabled = false
    interval = 60
    index = itsi_im_metrics
      
    [script://./bin/df_metric.sh]
    disabled = false
    index = itsi_im_metrics
     
    [script://./bin/iostat_metric.sh]
    disabled = false
    index = itsi_im_metrics
     
    [script://./bin/vmstat_metric.sh]
    disabled = false
    index = itsi_im_metrics
    
  5. By default, all indexes are set to itsi_im_metrics. In each stanza, set it to the index you want to use.
  6. Save and close the file.
  7. Restart your universal forwarder. For more information, see Start the universal forwarder in the Splunk Enterprise Forwarder Manual.
  8. Use the Search and Reporting app to confirm that you see incoming data from the hosts you configured.

Configure the add-on to collect event data and send it to your Splunk deployment

  1. Download the Splunk Add-on for Unix and Linux from Splunkbase.
  2. From a command shell, place the add-on in the $SPLUNK_HOME/etc/apps directory.
  3. Create an inputs.conf file in $SPLUNK_HOME/etc/apps/Splunk_TA_nix/local/. If this file already exists, merge the stanzas in the next step.
  4. Paste the following stanzas into the configuration file to generate the KPIs for the content pack:

    [script://./bin/bandwidth.sh]
    disabled = false
    index = os

    [script://./bin/cpu.sh]
    disabled = false
    interval = 60
    index = os

    [script://./bin/df.sh]
    disabled = false
    index = os

    [script://./bin/hardware.sh]
    disabled = false
    index = os

    [script://./bin/iostat.sh]
    disabled = false
    index = os

    [script://./bin/nfsiostat.sh]
    disabled = false
    index = os

    [script://./bin/ps.sh]
    disabled = false
    interval = 300
    index = os

    [script://./bin/version.sh]
    disabled = false
    index = os

    [script://./bin/vmstat.sh]
    disabled = false
    index = os

  5. By default, all indexes are set to os. In each stanza, set it to the index you want to use.
  6. Save and close the file.
  7. Restart your universal forwarder. For more information, see Start the universal forwarder in the Splunk Enterprise Forwarder Manual.
  8. Use the Search and Reporting app to confirm that you see incoming data from the hosts you configured.
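
As an added example (not part of the Splunk documentation or the add-on), the following Python script checks a merged local/inputs.conf against the stanzas listed in step 4 of either procedure above, and also flags enabled scripted inputs that are not on the list, since every enabled script:// stanza is a program the forwarder runs. The names check_inputs, METRICS and EVENTS and the sample file are constructed for illustration; the script assumes no settings appear before the first stanza header and treats only false or 0 as enabled.

```python
import configparser

# Stanza -> index, copied from the two stanza lists on this page (step 4 values).
METRICS = {"script://./bin/bandwidth.sh": "os",
           **{f"script://./bin/{n}_metric.sh": "itsi_im_metrics"
              for n in ("cpu", "df", "iostat", "vmstat")}}
EVENTS = {f"script://./bin/{n}.sh": "os"
          for n in ("bandwidth", "cpu", "df", "hardware", "iostat",
                    "nfsiostat", "ps", "version", "vmstat")}

def check_inputs(conf_text, expected):
    """Return a sorted list of problems in a merged local/inputs.conf."""
    cp = configparser.RawConfigParser(strict=False)  # tolerate repeated stanzas
    cp.optionxform = str                             # keep setting names as written
    cp.read_string(conf_text)
    def enabled(stanza):
        # Checker's simplification (assumption): only "false" or "0" count as enabled.
        return cp.get(stanza, "disabled", fallback="").strip().lower() in ("false", "0")
    problems = []
    for stanza, index in expected.items():
        got = cp.get(stanza, "index", fallback=None) if cp.has_section(stanza) else None
        if not cp.has_section(stanza):
            problems.append(f"missing [{stanza}]")
        elif not enabled(stanza):
            problems.append(f"not enabled [{stanza}]")
        elif got != index:
            problems.append(f"wrong index [{stanza}]: {got}")
    # Scripted inputs execute on the forwarder, so flag enabled ones nobody asked for.
    for stanza in cp.sections():
        if stanza.startswith("script://") and stanza not in expected and enabled(stanza):
            problems.append(f"unexpected script [{stanza}]")
    return sorted(problems)

# Constructed sample: a metrics inputs.conf after a careless merge.
SAMPLE = """\
[script://./bin/bandwidth.sh]
disabled = false
index = os
[script://./bin/cpu_metric.sh]
disabled = false
index=os
[script://./bin/df_metric.sh]
disabled = true
[script://./bin/ps.sh]
disabled = false
"""

if __name__ == "__main__":
    print("\n".join(check_inputs(SAMPLE, METRICS)))
```

If you changed the index in step 5, pass a mapping with your own index names instead of METRICS or EVENTS.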
Last modified on 21 February, 2023

This documentation applies to the following versions of Content Pack for Monitoring Unix and Linux: 1.2.0

