2 panels should be developed on a single dashboard, one for CPU and one for memory monitoring of your local system. This should check for CPU and memory utilization of your system every one minute. When the utilization is below 80%, the color of the cell should be green, between 80% and 90% the color should be yellow, and above 90% the color should be red. When you click on the row, it should take you to a drill-down panel that shows CPU/Memory Utilization history, and for this, you will need 2 additional dashboards. We should be able to select from the drop-down what time range we want to see the history for (time range picker).
Hello @rajinigv ,
I am new to Splunk and recently I tried something which helped.
There are 2 ways to achieve this:
1. Use the in-built apps for Windows and Unix. This involves installing the add-ons for Unix and Windows on the universal forwarders and getting the data into Splunk. Then, you can create a dashboard and write queries for showing the data in the dashboard. Look for more details in "getting data in" and "creating dashboards" in the Splunk docs.
The details for both the above methods are available in the Splunk docs. I would recommend going through the docs to have a better understanding of the methods.
Thanks,
Sapan
Can you just explain the inputs.conf procedure to me, please, @sapanda?
Hello @rajinigv ,
The inputs.conf file is used to set up the data you want to get into your Splunk system. Suppose you have a universal forwarder on a Linux system and you want to get data from your /var/log/messages to the forwarder, you can define your inputs.conf as follows:
[monitor:///var/log/messages]
disabled = false
index =
sourcetype =
interval =
The inputs.conf file goes to the location /etc/apps//local of your universal forwarder. You would need to create the index on your indexer for the data collection to start.
If you have a deployment server, you can create the file on the deployment server and 'push' the configuration to the forwarder as well. Below is a link which provides more details of the process. Hope this helps.
https://docs.splunk.com/Documentation/Splunk/7.2.3/Updating/Exampleaddaninputtoforwarders
Thanks,
Sapan
Hi @sapanda, thanks for your reply. I am new to Splunk and here I am unable to use a forwarder.
I want to know where to configure that input file for CPU and memory utilization.
And what does deployment server mean? Once again, thank you so much for spending your precious time!
Hello @rajinigv ,
You should always use forwarders to get metrics into your Splunk Enterprise. You can then create custom apps or you can use the pre-built infrastructure apps to get the metrics required into Splunk. I would suggest first installing the forwarder and then installing the app and add-on to get the data. You can easily find the documentation for the same in the Splunk documentation. Below are a few useful links to get you started:
Forwarder Manual:
https://docs.splunk.com/Documentation/Forwarder/7.2.3/Forwarder/Abouttheuniversalforwarder
Splunk App and Add-on configuration for Unix :
https://docs.splunk.com/Documentation/Forwarder/7.2.3/Forwarder/Abouttheuniversalforwarder
Splunk App and Add-on configuration for Windows:
https://docs.splunk.com/Documentation/MSApp/1.5.1/MSInfra/AbouttheSplunkAppforMSInfrastructure
I would suggest going through the Splunk documentation. You would find all the useful information in the docs (that is where I started 🙂).
Hope this helps.
Thanks,
Sapan
OK, thanks @sapanda
Both the Windows TA and the TA for *NIX have settings in the inputs.conf to accomplish this. Check apps.splunk.com.
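As an added illustration that is not part of the original thread: the kind of inputs.conf stanzas Splunk's Windows performance-monitor input accepts for sampling CPU and memory once a minute. The index name `perfmon` is an assumption and has to exist on the indexer before data is collected.

```ini
# Added example, not from the thread. Windows performance-monitor inputs.
# Assumption: an index named "perfmon" already exists.

# Total CPU utilisation across all cores, sampled every 60 seconds.
[perfmon://CPU]
object = Processor
counters = % Processor Time
instances = _Total
interval = 60
index = perfmon
disabled = 0

# Memory utilisation as a percentage, sampled every 60 seconds.
# "% Committed Bytes In Use" is committed memory relative to the commit limit.
[perfmon://Memory]
object = Memory
counters = % Committed Bytes In Use
interval = 60
index = perfmon
disabled = 0
```

Each collected event carries the counter name and a Value field, which a dashboard search can compare against the 80% and 90% thresholds from the question.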
I need a complete step-by-step procedure for this problem. Can you just help me out? @woodcock
Hi. What OS are you talking about? For Windows and Linux there should be apps in Splunkbase. For Splunk itself you should use the Management console for this information.
For Windows, and I have an app on my PC. May I know how to use the management console for this? @dkeck
In every Splunk instance you can reach the Management Console under Settings -> Monitoring Console (left side, under Add Data).
Thanks for the reply, I found it is inbuilt. It should not be like that; I have to add data from the local system to Splunk and then search on it. Can you tell me how to do that? @dkeck