Solved: Re: Splunk_TA_nix on EC2 Instances

sloshburch · ‎03-10-2016

While playing with EC2 instances, I have the Splunk_TA_nix app deployed. The cpu.sh returns nothing because sar and mpstat are not found on the EC2 host.

I understand that Linux has other ways to pull in system metrics, but things are obviously simpler if the same Splunk_TA_nix could be used everywhere I have *nix.

Anyone solve this quirk?

wvonalt_splunk · ‎03-10-2016

@Burch - you've already hit the nail on the head... just install the war package on the system and the problem is solved.

View solution in original post

wvonalt_splunk · ‎03-10-2016

@Burch - you've already hit the nail on the head... just install the war package on the system and the problem is solved.

sloshburch · ‎03-10-2016

Oh, so manually install sar or mpstat? I was hoping we were just missing some other cpu command from our cpu.sh script 😞

sloshburch · ‎03-10-2016

Building off my own sillyness and expanding on @wvonalt answer:

Looks like it's as simple as yum install sysstat

sloshburch · ‎03-11-2016

My peers also hooked me up with this link, good to share here: http://docs.splunk.com/Documentation/UnixAddOn/latest/User/Whatdataarecollected

Splunk_TA_nix on EC2 Instances

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases