Collect Mac OS X metrics and logs with Splunk App for Infrastructure
Use the easy install script to install and configure data collection agents on a host you want to collect metrics and log data from. You can forward metrics and log data to the Splunk App for Infrastructure (SAI) to monitor performance and investigate your infrastructure. If you are running Docker containers without an orchestration tool like Docker Swarm, Kubernetes, or OpenShift, you can use the script to monitor the Docker containers as well.
To manually configure data collection, see Manually configure log collection on a *nix host for Splunk App for Infrastructure and Manually configure metrics collection on a *nix host for Splunk App for Infrastructure.
When you set up the data collection agent on your host machine, and validate new hosts are connected, you can start monitoring your infrastructure. Hosts you are monitoring are called entities. Go to the Investigate page to monitor your entities in the Tile or List view. You can group your entities to monitor them more easily and further analyze your infrastructure by drilling down to the Overview Dashboard for entities only or the Analysis Workspace for entities and groups.
Meet the following requirements to configure data collection:
|Mac OS X machine|
|Data collection script|
|Administrator role||You must be an administrator to configure data collection.|
|HEC token||To create an HEC token, see Create an Event Collector token.
Follow these steps to configure and use the data collection script so that the host sends metrics and log data to SAI. If you're running SAI on Splunk Cloud, you must enter specific settings for the Monitoring machine, HEC port, and Receiver port. For more information, see Install and configure the data collection agents on each applicable system in the Install and Upgrade Splunk App for Infrastructure guide.
1. Specify configuration options
Select data collection options for collecting metrics and logs from your host.
- In the SAI user interface, click the Add Data tab and select OSX.
- Click Customize to select the metrics and log sources you want to collect data for. The
uptimemetrics are selected by default, and cannot be deselected.
- If you select cpu > Collect data for each CPU, metrics are stored for each CPU core, which enables you to split CPU usage by each core in the Analysis Workspace.
- If you select cpu > Collect sum over all CPUs, only aggregate metrics are stored for CPU usage.
dimension:value, such as
write_splunkcollectd plug-in creates these five dimensions:
8088if it is available.
curldoesn't trust self-signed certificates by default. You may want to disable SSL if you're using self-signed certificates. If you're using Splunk Cloud, keep this option enabled.
/var/run/. The Docker socket is the UNIX socket Docker listens to for Docker API calls.
2. Copy and paste the script into the command line of your host
Deploy the script on your host to collect metrics and logs.
- Open a terminal window on the monitoring machine.
- Paste the script in the command line window.
- Run the script. If you are running the script for the first time, see the following note about creating administrator credentials. When you run the script for the first time, you might receive a message stating that the universal forwarder was installed without creating an admin user. If this occurs, you have to manually create admin credentials. For information about configuring user credentials, see user-seed.conf in the Splunk Enterprise Admin Manual.
3. Verify your data connection
Verify your data connection to start monitoring your infrastructure. When the script finishes running, the user interface indicates your host is connected and data is available to view.
It can take up to about five (5) minutes for your hosts to display in the user interface.
- In the SAI user interface, click the Add Data tab.
- If no new hosts are connected after a few minutes, click Refresh.
- When new hosts are connected, click New host found to view your host.
Manually configure metrics and log collection for a Windows host for Splunk App for Infrastructure
Collect Kubernetes metrics and logs with Splunk App for Infrastructure
This documentation applies to the following versions of Splunk® App for Infrastructure: 2.1.0, 2.1.1 Cloud only, 2.2.0 Cloud only, 2.2.1, 2.2.3 Cloud only