Configure Splunk App/Add-on for Infrastructure for Linux server

“Splunk App for Infrastructure” monitors metrics logs from Linux servers, Microsoft Windows servers, Amazon EC2, ELB and EBS instances, Kubernetes clusters, OpenShift clusters, Docker containers, and VMware vCenter Servers for performance monitoring and troubleshooting of your infrastructure.

“Splunk Add-on for Infrastructure” comes with “Splunk App for Infrastructure” and provides the list of indexes required for infrastructure monitoring. The two complement each other.

So let’s lay out the road map: we have one universal forwarder (UF), one heavy forwarder (HF), one indexer (IDX), and one search head (SH), all in a Linux environment. We will collect performance logs from our HF and do the infrastructure monitoring in the SH.

1st Step: Install “Splunk App for Infrastructure” in SH

First of all, log in to SH with your credentials.

Then install the app by clicking “Find more apps” from the home page.

Click on Install and give your credentials to install.

Then restart your SH.

2nd Step: Install “Splunk Add-on for Infrastructure” in IDX

First of all, log in to SH with your credentials.

Then install the app by clicking “Find more apps” from the home page.

Click on Install and give your credentials to install.

Then restart your IDX.

Now click on Settings, then Indexes, and search for “em_”.

These two indexes come with this add-on. “Splunk App for Infrastructure” uses these metrics indexes to store metrics logs.

3rd Step: Install “Splunk Add-on for Unix and Linux” in host server

Our next step is installing “Splunk Add-on for Unix and Linux” on the host server. In our case we will monitor the HF, so we will install “Splunk Add-on for Unix and Linux” on the HF.

Firstly, log in to SH with your credentials.

Then install the app by clicking “Find more apps” from the home page.

Click on Install and give your credentials to install.

Now go to the back end of your HF.

# sudo su
# cd /opt/splunk/etc/apps/Splunk_TA_nix/default

Then edit the existing “inputs.conf”.

# vi inputs.conf

Now edit only the metrics input stanza as shown below.

Add:

index=em_metrics
disabled=0

Then restart HF.

# /opt/splunk/bin/splunk restart
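
To check the edit from the command line, the following added example (not part of the original post) lists metric input stanzas that are not enabled or do not send to em_metrics. It assumes that metric inputs are the stanzas whose name contains "_metric"; the function names and the sample file contents are constructed for illustration.

```shell
# Added example: list metric input stanzas in an inputs.conf that are not
# enabled or not routed to em_metrics.
# Assumption: metric inputs are the stanzas whose name contains "_metric".
check_metric_inputs() {   # $1 = inputs.conf path, stdin when omitted
    awk '
        function report() {   # unset keys are reported: the procedure sets both
            if (stanza ~ /_metric/ && (idx != "em_metrics" || dis !~ /^(0|false)$/))
                printf "%s index=%s disabled=%s\n", stanza, idx, dis
        }
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        /^[ \t]*\[/ {                    # new stanza: flush the previous one
            if (stanza != "") report()
            stanza = $0; idx = "(unset)"; dis = "(unset)"
            next
        }
        {
            pos = index($0, "=")
            if (pos == 0) next
            key = substr($0, 1, pos - 1); val = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "index") idx = val
            if (key == "disabled") dis = val
        }
        END { if (stanza != "") report() }
    ' "${1:--}"
}

# Constructed sample file contents (stanza names are illustrative).
sample_inputs_conf() {
    cat <<'EOF'
[script://./bin/cpu_metric.sh]
index = em_metrics
disabled = 0

[script://./bin/vmstat_metric.sh]
index = em_metrics
disabled = 1

[script://./bin/df_metric.sh]
disabled = 0

[script://./bin/cpu.sh]
disabled = 1
EOF
}

sample_inputs_conf | check_metric_inputs
```

On the HF, run `check_metric_inputs /opt/splunk/etc/apps/Splunk_TA_nix/default/inputs.conf`; no output means every metric stanza in that file is enabled and indexed to em_metrics. Settings in the app's local/inputs.conf, if that file exists, take precedence over default/, so check it the same way.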

Result:

Now go to the SH and navigate to “Splunk App for Infrastructure”.

Then we will see that a new host entity has been added (HF).

Now click on the entity name to monitor your HF infrastructure.

Hope you all enjoyed this blog, “Configure Splunk App/Add-on for Infrastructure for Linux server”. See you all in the next one.

Happy Splunking!!
