Hi,
I have a requirement to monitor CPU Utilization % and Memory usage for all the hosts where Splunk is running. I have used
1) SOS
2) Deployment Monitor
3) Splunk-TA-nix
But all these are apps are quite heavy with respect to license and CPU they themselves consume. The "top" command is considered to be very CPU-intensive.
Is there an alternative solution?
Thanks,
Meenal
If the vast majority of your deployment is running on Splunk Enterprise 6.1 or later, I would recommend to use the Distributed Management Console to achieve this goal.
This is a new feature of Splunk Enterprise 6.2 which allows you to monitor your Splunk deployment from a central location. It includes several views specifically centered on resource usage and leverages platform instrumentation (a built-in feature of Splunk Enterprise 6.1) to gather process-level information and metrics.
Okay, will give this a try.
Can I monitor resource usage of my heavy forwarders too from my search head using this app?
Yes you can, though at the current (6.2) version there the DMC has no such role as Heavy Forwarder,
the closest one it has predefined is Indexer - as the HF actually cooks the data.