NMON Performance Monitor for Unix and Linux System...

scaffster · ‎04-25-2016

Does anybody know how to make NMON use the fully qualified host name rather than the shortened version?

We are currently tagging our instances by app-1.[environment].domain but nmon only uses the app-1 part of the hostname for most of the searched. I've seen the hostname is coming from the AAA file that gets generated but have been unable to track down where to amend the script.

I've edited the nmonhelper.sh script to HOST=hostname -frather than hostname and done this to both the nmon and TA_nmon apps

All our hosts are ubuntu

dbot2001 · ‎09-23-2019

You can override the Host override in transforms.conf to force a domain suffix
Beware: You may need to adjust the REGEX to remove any existing domain suffix prior to forcing one on this way.

local/transforms.conf
[nmon_data_hostoverride]
FORMAT = host::$1.yourdomain.com

guilmxm · ‎04-29-2016

Hi,

The upcoming release of Nmon Performance (v1.6.16) will implement an option to manage the use of Fully Qualified Domain Name for performance and configuration data. (https://github.com/guilhemmarchand/nmon-for-splunk/issues/34)

The activation of the option will be done through the props.conf to be deployed to clients:

# host name definition: by default, nmon2csv parsers will use the value returned by nmon for the host name definition. (available in the config section - AAA,host)
# If you want to have hosts using their fully qualified domain name (fqdn) instead of the nmon hostname value, add the option "--use_fqdn" in the source stanza definition
# the value of host name will be equivalent to the "hostname -f" command on the host.
# **CAUTION**: Do use this option when managing nmon data generated out of Splunk (central repositories) or all the data being ingested will be identified as coming the host
# that managed the nmon data
# This option must be used on host that are only managing their own nmon data.

# To activate fqdn:
# unarchive_cmd = $SPLUNK_HOME/bin/splunk cmd $SPLUNK_HOME/etc/apps/nmon/bin/nmon2csv.sh --use_fqdn

The Git testing repository is available if you want to test:

https://github.com/guilhemmarchand/nmon-for-splunk/tree/testing

The evolution concerns Python / Perl parsers (the --use_fqdn option) and props.conf (for the option documentation)

Guilhem

scaffster · ‎04-27-2016

We have used a work around in the nmon2csv.py file then set the HOSTNAME=host. We couldn't find a way of making nmon output the FQDN

import socket

for line in data:

# Set HOSTNAME
#host = re.match(r'^(AAA),(host),(.+)\n', line)
host=socket.gethostname()

if host:
   # HOSTNAME = host.group(3)
   HOSTNAME = host
    print("HOSTNAME:", HOSTNAME)

guilmxm · ‎04-27-2016

Hello !

All right 🙂

What i can provide for next release is new argument available in nmon2csv.py / nmon2csv.pl to force the utilization of the FQDN instead of using the hostname value returned by nmon.

Then, people would need to customize the call of the nmon2csv parser in the local/props.conf.

if you are fine with this, i will open an issue on github, the next release is still under development and i hope it to be available ASAP.

What do you think ?

scaffster · ‎04-27-2016

That would be great!

guilmxm · ‎04-27-2016

I am currently testing the modification, but i am surprised this works for you ?

host=socket.gethostname()

returns the hostname known by the OS (equivalent to the "hostname" command)

import socket   
socket.getfqdn()

returns the host FQDN, as would "hostname -f"

Does a simple "hostname" returns the FQDN for you ? If i am not wrong, that can be the case if you set the FQDN in /etc/hostname.
Therefore, according to Debian and Ubuntu docs, the FQDN should be set in /etc/hosts as an alias, and should only be retrieved with "hostname -f" (and the equivalent in Python)

So, if i am not wrong, the good practice would be using the second Python syntax as this will work for both people setting the FQDN in /etc/hosts and /etc/hostname

Thanks for you help !

Guilhem

ontkanin · ‎03-29-2018

On CentOS:

# grep HOSTNAME /etc/sysconfig/network
HOSTNAME=app1.example.com
# hostname
app1.example.com
# hostname -f
app1.example.com

guilmxm · ‎04-25-2016

Hello !

It is a very good question, and it is in reality more complex than it seems 🙂

First, within the Nmon App there 2 fields that concerns the host name:

host --> This is the Splunk Metadata field
hostname --> This is raw value of the host name returned by nmon, and present in every nmon raw data event in Splunk

For more convenience, and most of all because it it possible o ingest in Splunk nmon data that were generated out of Splunk, and out of the context of the Nmon Splunk app, i have decided to systematically rewrite the default Splunk metadata host field (normally this field is being returned by Splunk itself)

The "host" field is rewritten automatically using the "hostname" value of nmon raw events.
When it concerns nmon data (and not various output data from third scripts like the nmon_helper.sh script), the host field always equal the hostname field.

Right, that the first piece 🙂

Now, at a lower level:

When a new processes nmon starts, it recovers the value of the host name, and set in the AAA configuration part, just i as you enlighted, example:

AAA,host,ubuntu-1404-64
When nmon2csv parsers reads the nmon data, the hostname field is being extracted from this value, and this is this value that will used in every line of raw data generated

As long as long as nmon itself does not use the FQDN to set the AAA host field, neither the app will.
If nmon when it starts recognize the FQDN value instead of the short name, this value would be set in AAA,host and used all over the App (for both host / hostname)

I have done some little tests like setting the FQDN as an alias in /etc/host, or setting the FQDN in /etc/hostname.
I would have thought that nmon reads the content of the "hostname" command, but it does not seem to, while the hostname commands returns the FQDN value, nmon continues to use the short name ! (even across reboots)

By experience, i remember having already exchanged with people and saw nmon files containing FQDN (which was working perfectly fine within the App), but probably it was on AIX.

I couldn't either find something on that question on the Internet...

So, the real easier way would finding the right way for nmon Linux to use the FQDN when it has been set on the system it is running.

Another option would be adding an option in nmon2csv Python / Perl parser to use FQDN value instead of the nmon AAA,host value, but is has to be qualified and would not be a default option as this would break any one using the App with nmon central shares.

I hope this helps, if i find a better option, i will re-post on this question.
Don't hesitate on your side if you success in having nmon Linux using the FQDN, i didn't !

Cheers,

Guilhem

scaffster · ‎04-26-2016

Hi Guilmxm,

Thanks for the explanation, I'll have a play about and see what we can do!

Great app by the way!

guilmxm · ‎04-26-2016

Thank you 🙂

NMON Performance Monitor for Unix and Linux Systems: How to make NMON use the fully qualified host name?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!