Version: 1.0
Date: 22.04.2010
Change log
No.  Date        Version  Author  Comment
1    22.04.2010  1.0      Sznyi   Create Document
Table of Contents
1 Why
2 Readme
3 Create new Scripts (Example: rtop.sh)
4 Add Script Input at Splunk
5 Control your new Input
6 Summary
1 Why
Because the system administrators may not want to install the Splunk Forwarder on their
systems.
2 Readme
Requirements:
Copy the scripts you want to use from the Splunk *nix App.
Example with top.sh
Log in to the Splunk host (Indexer or Forwarder):
# sudo su rmonitor
# ssh rmonitor@remotehost mkdir -p monitoring/scripts
# scp /opt/splunk/etc/apps/unix/bin/top.sh rmonitor@remotehost:/usr/rmonitor/monitoring/scripts
# scp /opt/splunk/etc/apps/unix/bin/common.sh rmonitor@remotehost:/usr/rmonitor/monitoring/scripts
Test the script: log in to the remotehost as the user rmonitor.
# cd /usr/rmonitor/monitoring/scripts
# ./top.sh
Example Output:
 PID  USER      PR  NI  VIRT   RES   SHR   S  pctCPU  pctMEM  cpuTIME  COMMAND
1388  rmonitor  20   0  19148  1168   876  R       2     0.2  0:00.02  top
   1  root      20   0  19296  1544  1128  S       0     0.3  0:01.98  init
   2  root      15  -5      0     0     0  S       0     0.0  0:00.03  kthreadd
   3  root      RT  -5      0     0     0  S       0     0.0  0:00.03  migration/0
   4  root      15  -5      0     0     0  S       0     0.0  0:00.01  ksoftirqd/0
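A wrapper of the kind this procedure leads to, as an added example that is not part of the original document: run on the Splunk host, it starts one of the copied scripts on the remote host over SSH and prints the output locally. The function names, the argument checks and the SSH options are assumptions; the user and directory are the ones used above.

```sh
#!/bin/sh
# Added example (hypothetical wrapper, not from the original document).
# Runs one copied *nix app script on a remote host over SSH and prints its
# output on stdout, where a Splunk script input can pick it up.

REMOTE_USER="rmonitor"                          # account used on this page
REMOTE_DIR="/usr/rmonitor/monitoring/scripts"   # target directory used on this page

# Host names: letters, digits, dots and hyphens only, never starting with "-".
valid_host() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Script names: a plain file name ending in .sh, no path parts or shell syntax.
valid_script() {
    case "$1" in
        ""|.*|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
        *.sh) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the absolute remote path for an accepted script name.
remote_path() {
    valid_script "$1" || return 2
    printf '%s/%s\n' "$REMOTE_DIR" "$1"
}

# Validate both arguments, then run the script remotely.
run_remote() {
    host=$1
    script=$2
    valid_host "$host" || { echo "rejected host: $host" >&2; return 2; }
    path=$(remote_path "$script") || { echo "rejected script: $script" >&2; return 2; }
    # BatchMode: fail instead of prompting for a password (unattended run).
    # StrictHostKeyChecking: refuse hosts whose key is not already known.
    ssh -o BatchMode=yes -o ConnectTimeout=10 -o StrictHostKeyChecking=yes \
        "$REMOTE_USER@$host" "$path"
}

# Example call: ./remote_script.sh remotehost top.sh
if [ "$#" -eq 2 ]; then
    run_remote "$1" "$2"
fi
```

Because of BatchMode=yes, the rmonitor account needs key-based SSH login to the remote host, and the remote host key must already be in known_hosts.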
Host
  Host field value (optional): remotehost
Source type
  Set sourcetype field for all events from this source.
  Set sourcetype: Manual
  Source type (optional): top
Index
  Set the destination index for this source.
  Index: os
6 Summary
Once you have tested this with the top.sh script, you can do the same with all the other scripts in
/opt/splunk/etc/apps/unix/bin.
It is also an example for your own scripts that you want to index remotely.