I recently made a stab at porting the lsof *nix app to AIX. I realize this is an unsupported configuration, but we AIX users feel left out!
Anyways, it wasn't that hard to port. We already had lsof for AIX compiled. I just modified common.sh to fake it into believing it supports AIX, copied the props.conf, and off I went.
It runs lsof.sh and indexes the information, but I guess I was expecting more. Maybe I have more work to do on porting it, but for now it seems to just run lsof and captures the output of the command into a single 500 line entry. No special fields or anything like that.
Is that the expected behavior of lsof for *nix? Or is there more to it that I am missing? What is the difference between lsof for *nix versus running lsof.sh as your own app?
asked 14 Sep '10, 12:45
There isn't a big difference, and shouldn't be. The only reason we have the scripts is to make sure that the "right" fields are output, and that the same fields are output with the same names across different platforms, and that the "right" options are specified to render the correct output (e.g., resolve hostnames vs show IP addresses, resolve port names vs numbers, show files or just network ports, UDP vs TCP ports, etc.)
So yes, the script is meant to be very simple, just to standardize the data that goes into Splunk. Any sophistication comes afterwards from the searches in the *nix application dashboards, which make assumptions about what data is present and how it is named.
answered 14 Sep '10, 17:15