All Apps and Add-ons

How can we collect linux performance metrics on a windows splunk instance ?

mahajanamit
Explorer

In our infrastructure, we have our splunk indexer running on a windows machine. We are already collecting performance metrics from remote Windows machines, but we also want to collect the system, CPU and memory counters of a linux machine on the same indexer.
How can i achieve that ?

(I have installed Splunk App for Unix and Linux on my local system and running linux on a vmware but I don't see any options on this app which can enable me to connect to the linux system.)

0 Karma
1 Solution

kml_uvce
Builder

you need to install "splunk addon unix and linux" add-on in forwarder in your linux system

https://apps.splunk.com/app/833/

View solution in original post

0 Karma

kml_uvce
Builder

you need to install "splunk addon unix and linux" add-on in forwarder in your linux system

https://apps.splunk.com/app/833/

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

The indexer doesn't connect to the remote linux system to collect the data, there's no WMI or similar.

Instead, you install a Splunk Universal Forwarder along with the linux addon linked above on the remote machine and the linux app on your indexer. The forwarder collects the data locally and sends it to your indexer to be searched and displayed there.

0 Karma

mahajanamit
Explorer

Hi

Can you please elaborate a bit more. By forwarder do you mean a universal forwarder or a splunk indexer which would work as a forwarder from the linux machine ?

0 Karma

kml_uvce
Builder

install forwarder in your linux machine and also install add on (link given) in linux machine. you need to enable scripts in this add on if disabled (check disabled option in inputs.conf in add on) , configure forwarder to send data to indexer, and these scripts fetch performance metrics and send data to indexer.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...