Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

expected behavior of lsof for *nix

Branden
Builder
‎09-14-2010 12:45 PM

I recently made a stab at porting the lsof *nix app to AIX. I realize this is an unsupported configuration, but we AIX users feel left out!

Anyways, it wasn't that hard to port. We already had lsof for AIX compiled. I just modified common.sh to fake it into believing it supports AIX, copied the props.conf, and off I went.

It runs lsof.sh and indexes the information, but I guess I was expecting more. Maybe I have more work to do on porting it, but for now it seems to just run lsof and captures the output of the command into a single 500 line entry. No special fields or anything like that.

Is that the expected behavior of lsof for *nix? Or is there more to it that I am missing? What is the difference between lsof for *nix versus running lsof.sh as your own app?

Thanks!

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎09-14-2010 05:15 PM

There isn't a big difference, and shouldn't be. The only reason we have the scripts is to make sure that the "right" fields are output, and that the same fields are output with the same names across different platforms, and that the "right" options are specified to render the correct output (e.g., resolve hostnames vs show IP addresses, resolve port names vs numbers, show files or just network ports, UDP vs TCP ports, etc.)

So yes, the script is meant to be very simple, just to standardize the data that goes into Splunk. Any sophistication comes afterwards from the searches in the *nix application dashboards, which make assumptions about what data is present and how it is named.

View solution in original post

Reply
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎09-14-2010 05:15 PM

There isn't a big difference, and shouldn't be. The only reason we have the scripts is to make sure that the "right" fields are output, and that the same fields are output with the same names across different platforms, and that the "right" options are specified to render the correct output (e.g., resolve hostnames vs show IP addresses, resolve port names vs numbers, show files or just network ports, UDP vs TCP ports, etc.)

So yes, the script is meant to be very simple, just to standardize the data that goes into Splunk. Any sophistication comes afterwards from the searches in the *nix application dashboards, which make assumptions about what data is present and how it is named.

Reply
Solved! Jump to solution

Branden
Builder
‎09-14-2010 05:39 PM

Good info, thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...