Splunk® App for Infrastructure (Legacy)

Administer Splunk App for Infrastructure

This documentation does not apply to the most recent version of Splunk® App for Infrastructure (Legacy). For documentation on the most recent version, go to the latest release.

SAI version 1.3.x is not compatible with the Splunk Add-on for Windows

By default, version 1.3.x of the Splunk App for Infrastructure (SAI) is not compatible with the Splunk Add-on for Windows. If you are using the Splunk Add-on for Windows and SAI version 1.3.x in the same Splunk Enterprise deployment, you must modify the universal forwarder's inputs.conf file on each Windows host and props.conf for each instance of the Splunk Add-on for Infrastructure you are running.

Prerequisites

  • Access and permission to modify files in the $SPLUNK_HOME directory on each Windows host.
  • Access and permission to modify files in the $SPLUNK_HOME directory on each Splunk Enterprise instance running the Splunk Add-on for Infrastructure.

Steps

Follow these steps to modify props, transforms, sourcetypes, and target indexes to use the Splunk Add-on for Microsoft Windows and Splunk App for Infrastructure version 1.3.x in the same Splunk Enterprise deployment.

  1. On each system running a Splunk Enterprise instance that contains the Splunk Add-on for Infrastructure, go to the $SPLUNK_HOME/etc/apps/splunk_ta_infrastructure/local directory.
  2. Open props.conf with a text editor.
  3. Replace all content in the file with the following: 
    # This is for backward compatible with previous collectd version
[em_metrics]
TRANSFORMS-hostoverride=metrics-hostoverride
ADD_EXTRA_TIME_FIELDS = false

[aws:cloudwatch]
TRANSFORMS-hostoverride=ebs-hostoverride, elb-hostoverride, ec2-hostoverride

[em_indexed_alerts]
SHOULD_LINEMERGE = False

# For Windows Metrics
[PerfmonMetrics:CPU]
TRANSFORMS-_value_for_perfmon_metrics_store = value_for_perfmon_metrics_store
TRANSFORMS-metric_name_for_perfmon_metrics_store = metric_name_for_perfmon_metrics_store
TRANSFORMS-object_for_perfmon_metrics_store = object_for_perfmon_metrics_store
TRANSFORMS-instance_for_perfmon_metrics_store = instance_for_perfmon_metrics_store
TRANSFORMS-collection_for_perfmon_metrics_store = collection_for_perfmon_metrics_store
EVAL-metric_type = "gauge"
SEDCMD-remove-whitespace = s/ /_/g s/\s/ /g

[PerfmonMetrics:Memory]
TRANSFORMS-_value_for_perfmon_metrics_store = value_for_perfmon_metrics_store
TRANSFORMS-metric_name_for_perfmon_metrics_store = metric_name_for_perfmon_metrics_store
TRANSFORMS-object_for_perfmon_metrics_store = object_for_perfmon_metrics_store
TRANSFORMS-instance_for_perfmon_metrics_store = instance_for_perfmon_metrics_store
TRANSFORMS-collection_for_perfmon_metrics_store = collection_for_perfmon_metrics_store
EVAL-metric_type = "gauge"
SEDCMD-remove-whitespace = s/ /_/g s/\s/ /g

[PerfmonMetrics:PhysicalDisk]
TRANSFORMS-_value_for_perfmon_metrics_store = value_for_perfmon_metrics_store
TRANSFORMS-metric_name_for_perfmon_metrics_store = metric_name_for_perfmon_metrics_store
TRANSFORMS-object_for_perfmon_metrics_store = object_for_perfmon_metrics_store
TRANSFORMS-instance_for_perfmon_metrics_store = instance_for_perfmon_metrics_store
TRANSFORMS-collection_for_perfmon_metrics_store = collection_for_perfmon_metrics_store
EVAL-metric_type = "gauge"
SEDCMD-remove-whitespace = s/ /_/g s/\s/ /g

[PerfmonMetrics:LogicallDisk]
TRANSFORMS-_value_for_perfmon_metrics_store = value_for_perfmon_metrics_store
TRANSFORMS-metric_name_for_perfmon_metrics_store = metric_name_for_perfmon_metrics_store
TRANSFORMS-object_for_perfmon_metrics_store = object_for_perfmon_metrics_store
TRANSFORMS-instance_for_perfmon_metrics_store = instance_for_perfmon_metrics_store
TRANSFORMS-collection_for_perfmon_metrics_store = collection_for_perfmon_metrics_store
EVAL-metric_type = "gauge"
SEDCMD-remove-whitespace = s/ /_/g s/\s/ /g

[PerfmonMetrics:Network]
TRANSFORMS-_value_for_perfmon_metrics_store = value_for_perfmon_metrics_store
TRANSFORMS-metric_name_for_perfmon_metrics_store = metric_name_for_perfmon_metrics_store
TRANSFORMS-object_for_perfmon_metrics_store = object_for_perfmon_metrics_store
TRANSFORMS-instance_for_perfmon_metrics_store = instance_for_perfmon_metrics_store
TRANSFORMS-collection_for_perfmon_metrics_store = collection_for_perfmon_metrics_store
EVAL-metric_type = "gauge"
SEDCMD-remove-whitespace = s/ /_/g s/\s/ /g

[PerfmonMetrics:System]
TRANSFORMS-_value_for_perfmon_metrics_store = value_thefor_perfmon_metrics_store
TRANSFORMS-metric_name_for_perfmon_metrics_store = metric_name_for_perfmon_metrics_store
TRANSFORMS-object_for_perfmon_metrics_store = object_for_perfmon_metrics_store
TRANSFORMS-instance_for_perfmon_metrics_store = instance_for_perfmon_metrics_store
TRANSFORMS-collection_for_perfmon_metrics_store = collection_for_perfmon_metrics_store
EVAL-metric_type = "gauge"
SEDCMD-remove-whitespace = s/ /_/g s/\s/ /g

[PerfmonMetrics:Process]
TRANSFORMS-_value_for_perfmon_metrics_store = value_for_perfmon_metrics_store
TRANSFORMS-metric_name_for_perfmon_metrics_store = metric_name_for_perfmon_metrics_store
TRANSFORMS-object_for_perfmon_metrics_store = object_for_perfmon_metrics_store
TRANSFORMS-instance_for_perfmon_metrics_store = instance_for_perfmon_metrics_store
TRANSFORMS-collection_for_perfmon_metrics_store = collection_for_perfmon_metrics_store
EVAL-metric_type = "gauge"
SEDCMD-remove-whitespace = s/ /_/g s/\s/ /g

[em_metrics_udp]
TRANSFORMS-hostoverride = udp-metrics-hostoverride
TRANSFORMS-run-dims-extraction = extract_dims
SHOULD_LINEMERGE = false
LINE_BREAKER = (\}\})
  4. When you are done, save your changes and close the file.
  5. On each Windows host that is sending data to the Splunk App for Infrastructure with a universal forwarder, go to the $SPLUNK_HOME/etc/system/local directory.
  6. Open inputs.conf with a text editor.
  7. For each perfmon stanza, change the sourcetype value fromPerfmon:<metric> to PerfmonMetrics:<metric>. If an input does not specify a sourcetype, add one: 
    sourcetype = PerfmonMetrics:<metric>
  8. For each perfmon stanza, change the index value to em_metrics. If you use a custom metrics index, include that instead.
  9. Here is an example inputs.conf file: 
    [perfmon://CPU Load]
counters = % C1 Time;% C2 Time;% Idle Time;% Processor Time;% User Time;% Privileged Time;% Reserved Time;% Interrupt Time
instances = *
interval = 30
sourcetype = PerfmonMetrics:CPU
object = Processor
index = em_metrics
_meta =  os::"Microsoft Windows Server 2012 R2 Standard" os_version::6.3.9600 entity_type::Windows_Host

[perfmon://Physical Disk]
counters = % Disk Read Time;% Disk Write Time
instances = *
interval = 30
sourcetype = PerfmonMetrics:PhysicalDisk
object = PhysicalDisk
index = em_metrics
_meta =  os::"Microsoft Windows Server 2012 R2 Standard" os_version::6.3.9600 entity_type::Windows_Host

[perfmon://Network Interface]
counters = Bytes Received/sec;Bytes Sent/sec;Packets Received/sec;Packets Sent/sec;Packets Received Errors;Packets Outbound Errors
instances = *
interval = 30
sourcetype = PerfmonMetrics:Network
object = Network Interface
index = em_metrics
_meta =  os::"Microsoft Windows Server 2012 R2 Standard" os_version::6.3.9600 entity_type::Windows_Host

[perfmon://Available Memory]
counters = Cache Bytes;% Committed Bytes In Use;Page Reads/sec;Pages Input/sec;Pages Output/sec;Committed Bytes;Available Bytes
interval = 30
sourcetype = PerfmonMetrics:Memory
object = Memory
index = em_metrics
_meta =  os::"Microsoft Windows Server 2012 R2 Standard" os_version::6.3.9600 entity_type::Windows_Host

[perfmon://System]
counters = Processor Queue Length;Threads
instances = *
interval = 30
sourcetype = PerfmonMetrics:System
object = System
index = em_metrics
_meta =  os::"Microsoft Windows Server 2012 R2 Standard" os_version::6.3.9600 entity_type::Windows_Host

[perfmon://Process]
counters = % Processor Time;% User Time;% Privileged Time
instances = *
interval = 30
sourcetype = PerfmonMetrics:Process
object = Process
index = em_metrics
_meta =  os::"Microsoft Windows Server 2012 R2 Standard" os_version::6.3.9600 entity_type::Windows_Host

[perfmon://Free Disk Space]
counters = Free Megabytes;% Free Space
instances = *
interval = 30
sourcetype = PerfmonMetrics:LogicalDisk
object = LogicalDisk
index = em_metrics
_meta =  os::"Microsoft Windows Server 2012 R2 Standard" os_version::6.3.9600 entity_type::Windows_Host
  10. When you are done, save your changes and close the file.
  11. Restart the universal forwarder on each Windows host and each Splunk Enterprise instance running the Splunk App for Infrastructure: 
    $ cd $SPLUNK_HOME/bin
$ ./splunk restart
Last modified on 06 July, 2020
The status of an entity is not updating   Manage and debug the local server in Splunk App for Infrastructure

This documentation applies to the following versions of Splunk® App for Infrastructure (Legacy): 1.3.0, 1.3.1

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters