Splunk App for Unix and Linux: How to monitor serv...

ananthan123 · ‎06-05-2017

Hello,

We have around 100+ linux servers and would like to monitor them using Splunk. I have installed Splunk App for Unix and Linux, but it doesn't have monitoring feature. Am I missing some there here? Or I need to install different app for it ?

mattymo · ‎06-05-2017

Please define "monitoring"

What are you expecting to achieve?

There are a couple TAs available to collect metrics and logs from linux servers, namely:

https://splunkbase.splunk.com/app/3412/ << addon for linux which uses collectd

https://splunkbase.splunk.com/app/833/ << the classic nix TA which has a collection of monitors and scripts

Which both feed the Splunk *nix App (https://splunkbase.splunk.com/app/273/) for visualization. The one I assume you are referring to?

Or my personal fav, the nmon app:

https://splunkbase.splunk.com/app/1753/

These all provide pieces that can help you monitor certain metrics and logs as a nix admin.

Then, as always with Splunk, you have all the power to create your own!!

The main idea is to use a Technical Add-on (TA) to collect the data from the nix server and use the "Apps" to visualize and report.

- MattyMo

ananthan123 · ‎06-05-2017

Thank you very much for your answer. I already installed addons, what I want is need to ping all the servers every 5 minutes and check whether up or down, if it is down, need to send the alert email. I couldn't find it under addons.

mattymo · ‎06-06-2017

These apps don't have that specific ability, but technically you can easily do a similar thing by alerting on hosts who havent sent logs to you in greater than n minutes, or use the "missing forwarders" alert in the Management Console.

It would probably not be all that hard to custom build an input that pinged all your hosts either

- MattyMo

Splunk App for Unix and Linux: How to monitor servers?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life