Is the (top) uptime of the Linux server included in the "Splunk Add-on for Unix and Linux"?
If not, is there a workaround to show the uptime of the Linux server using "Splunk Add-on for Unix and Linux"?
Thanks!
Hi lloydknight,
Yes, the Add-on for Unix and Linux does include the top sourcetype that captures output from the *nix top command.
Please refer to the following page for a full list of source types included in this add-on:
http://docs.splunk.com/Documentation/UnixAddOn/5.2.3/User/SourcetypesandCIMdatamodelinfo
Hope it helps. Thanks!
Hunter Shen
Thank you for the link, but I can't seem to find the event/field where the server is up. For example, Server-A's top command is up 132 days, 17:24. Tried searching the 132 days and failed. Is it converted to seconds or something equivalent to 132 days that I am missing? Thanks.
Hello, already figured this out. I used the process systemd to determine the server's uptime since systemd's process ID is 1. So I am just assuming that the systemd daemon is parallel to the server's uptime.
Here's my search:
index=os host=* source=ps PID=1
| stats latest(ELAPSED) AS "DD - HH:MM:SS" by host
| sort - "DD - HH:MM:SS"
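A variant of the search above that converts ELAPSED to seconds, so hosts sort by actual duration rather than as text. This is an added example, not part of the original posts; it assumes ELAPSED holds the `ps` etime format `[[DD-]HH:]MM:SS`, and the field names `elapsed`, `d`, `h`, `m`, `s`, `uptime_sec` and `uptime` are chosen here for illustration.

```spl
index=os source=ps PID=1
| stats latest(ELAPSED) AS elapsed by host
``` Assumption: elapsed looks like 132-17:24:05, 17:24:05 or 24:05 ```
| rex field=elapsed "^(?:(?:(?<d>\d+)-)?(?<h>\d+):)?(?<m>\d+):(?<s>\d+)$"
``` Days and hours are optional in etime output, so default them to 0 ```
| eval uptime_sec = coalesce(tonumber(d), 0) * 86400
                  + coalesce(tonumber(h), 0) * 3600
                  + tonumber(m) * 60
                  + tonumber(s)
| sort - uptime_sec
``` Render the numeric value back into a readable duration ```
| eval uptime = tostring(uptime_sec, "duration")
| table host elapsed uptime_sec uptime
```

A host whose `uptime_sec` drops sharply between two runs has restarted PID 1, which makes the numeric field usable for an unexpected-reboot alert.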