Getting Data In

indexer gathering data from localhost

jan_wohlers
Path Finder

Hi,

I would like to monitor the indexer itself. It is a radhat machine and I want the indexer to collect logfiles from the localhost, where splunk is running. This sounds stupid, I can't find a way to tell splunk that he should gather data from it's host.

I like to monitor CPU and Diskspace for example.

Nice to hear from you.

Jan

Tags (1)
0 Karma

Kate_Lawrence-G
Contributor

Hi Jan,

Well if you install the nix app it will work for that indexer and will be available via the web interface on that indexer alone (since by default indexer are search heads as well).

In a lone indexer scenario this would probably work out OK, and would only get cumbersome if you have a large distributed environment. Then I would go with something like Nagios which has an agent that can run and monitor this type of information a lot better than Splunk.

Thanks,

Kate

0 Karma

jan_wohlers
Path Finder

The whole environment is build on solid hardware which should have enough power. As far as I understand the full splunk version is not capable of "forward" the data (like perfmon-logs) from his own host, but the universal forwarder can gather logs from its host to forward it to the indexer?

Thanks for reply!

Jan

0 Karma

Kate_Lawrence-G
Contributor

Hi,

No problem thanks for providing more info.

You can run the http://splunk-base.splunk.com/apps/22314/splunk-for-unix-and-linux app that will track this type of activity; but I would warn you that this can put an extra load on your indexers since it needs to monitor itself as well as accepting data from your forwarders and would not suggest it in a virtualized environment.

In most cases if you want to monitor the hardware(CPU/Memory/processes) of a box I'd use an app like Nagios and send the logs to Splunk for reporting and stats.

Thanks!

Kate

0 Karma

jan_wohlers
Path Finder

Dear Kate,

thanks for the reply. The app you posted is pretty useful, but not the solution to my question. SoS is more for monitoring the splunksoftware itself.

I'm searching for a way to gather perfmon-logs for the hardware where the indexer is running on. Do I have to install the universal forwarder on my indexer as well?

I mean for me it doesn't really make sense to install the Universal Forwarder when the full splunk software is already installed. But I can't find a way to get this logs from the splunkhardware...

I hope this describes my problem a bit more detailed.

Regards
Jan

0 Karma

Kate_Lawrence-G
Contributor

Hi,
It sounds like you need S.O.S http://splunk-base.splunk.com/apps/29008/sos-splunk-on-splunk you can use the TA to monitor the indexers.

Thanks,

Kate

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...