Data requirements for the Content Pack for Monitoring Unix and Linux
The IT Service Intelligence (ITSI) Content Pack for Monitoring Unix and Linux requires that you install the Splunk Add-on for Unix and Linux and configure it to collect and send data to your deployment.
While configuring the Splunk Add-on for Unix and Linux, use metrics based indexes. Event indexes are also supported.
Prerequisite
First, install a universal forwarder on any host that you want to send data to your ITSI deployment. See About forwarding and receiving in the Splunk Enterprise Forwarding Data manual to learn how to install and configure universal forwarders.
Install the Splunk Add-on for Unix and Linux
Use the following table as reference to install the Splunk Add-on for Unix and Linux on your deployment:
App | Installation link | Search heads | Indexers | Forwarders |
---|---|---|---|---|
Splunk Add-on for Unix and Linux | Installation steps | x | x | x |
For Linux systems, install the sysstat
package to collect operating system data.
See What data the Splunk Add-on for Unix and Linux collects in the Deploy and Use Splunk Add-on for Unix and Linux manual for a reference of scripted and file inputs.
Configure the add-on to collect metrics data and send to your Splunk deployment
Bandwidth data is ingested in the events index. The Splunk Add-on for Unix and Linux doesn't provide a metrics version of that source.
- Download the Splunk Add-on for Unix and Linux from Splunkbase.
- From a command shell, place the add-on in the
$SPLUNK_HOME/etc/apps
directory. - Create an
inputs.conf
file in$SPLUNK_HOME/etc/apps/Splunk_TA_nix/local/
. If this file already exists, merge the stanzas in the next step. - Paste the following stanzas into the configuration file to generate the KPIs for the content pack:
[script://./bin/bandwidth.sh] disabled = false index = os [script://./bin/cpu_metric.sh] disabled = false interval = 60 index = itsi_im_metrics [script://./bin/df_metric.sh] disabled = false index = itsi_im_metrics [script://./bin/iostat_metric.sh] disabled = false index = itsi_im_metrics [script://./bin/vmstat_metric.sh] disabled = false index = itsi_im_metrics
- By default, all indexes are set to
itsi_im_metrics
. In each stanza, set it to the index you want to use. - Save and close the file.
- Restart your universal forwarder. For more information, see Start the universal forwarder in the Splunk Enterprise Forwarder Manual.
- Use the Search and Reporting app to confirm that you see incoming data from the hosts you configured.
Configure the add-on to collect event data and send it to your Splunk deployment
- Download the Splunk Add-on for Unix and Linux from Splunkbase.
- From a command shell, place the add-on in the
$SPLUNK_HOME/etc/apps
directory. - Create an
inputs.conf
file in$SPLUNK_HOME/etc/apps/Splunk_TA_nix/local/
. If this file already exists, merge the stanzas in the next step. - Paste the following stanzas into the configuration file to generate the KPIs for the content pack:
[script://./bin/bandwidth.sh] disabled = false index=os [script://./bin/cpu.sh] disabled = false interval = 60 index=os [script://./bin/df.sh] disabled = false index=os [script://./bin/hardware.sh] disabled = false index=os [script://./bin/iostat.sh] disabled = false index=os [script://./bin/nfsiostat.sh] disabled = false index=os [script://./bin/ps.sh] disabled = false interval = 300 index=os [script://./bin/version.sh] disabled = false index=os [script://./bin/vmstat.sh] disabled = false index=os
- By default, all indexes are set to
os
. In each stanza, set it to the index you want to use. - Save and close the file.
- Restart your universal forwarder. For more information, see Start the universal forwarder in the Splunk Enterprise Forwarder Manual.
- Use the Search and Reporting app to confirm that you see incoming data from the hosts you configured.
Release Notes for the Content Pack for Monitoring Unix and Linux | Install and configure the Content Pack for Monitoring Unix and Linux |
This documentation applies to the following versions of Content Pack for Monitoring Unix and Linux: 1.2.0
Feedback submitted, thanks!