- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Splunk add-on for unix and linux: nfsiostat suppor...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
App: https://splunkbase.splunk.com/app/833
It looks like the nfsiostat.sh script is not compatible with the RHEL9. I'm testing with Rocky9.2 and the nfsiostat command output is already different to 7.9.
EDIT: It seems to support RHEL9 explicitly (without the new columns), but NOT Rocky9.
Example from 7.9:
# nfsiostat
server:/mnt/yumrepo mounted on /repos/pkg.repo.d:
op/s rpc bklog
33.88 0.00
read: ops/s kB/s kB/op retrans avg RTT (ms) avg exe (ms)
1.382 43.682 31.613 3357 (0.0%) 0.612 1.551
write: ops/s kB/s kB/op retrans avg RTT (ms) avg exe (ms)
4.595 138.038 30.041 1041 (0.0%) 1.659 11.039
Example from Rocky9.2:
- First op/s => ops/s
- 2 new metrics: "avg queue (ms)" and "errors"
server:/mnt/yumrepo mounted on /repos/pkg.repo.d:
ops/s rpc bklog
0.453 0.000
read: ops/s kB/s kB/op retrans avg RTT (ms) avg exe (ms) avg queue (ms) errors
0.000 0.001 1.356 0 (0.0%) 0.096 0.108 0.006 0 (0.0%)
write: ops/s kB/s kB/op retrans avg RTT (ms) avg exe (ms) avg queue (ms) errors
0.001 0.035 25.519 0 (0.0%) 0.562 0.600 0.027 0 (0.0%)
nfsiostat.sh script cannot parse the new format and currently I get something like this:
# /usr/ipbx/splunkforwarder/etc/apps/Splunk_TA_nix/bin/nfsiostat.sh
Mount Path r_op/s w_op/s r_KB/s w_KB/s rpc_backlog r_avg_RTT w_avg_RTT r_avg_exe w_avg_exe
server:/mnt/yumrepo /repos/pkg.repo.d read: write: ops/s ops/s 0.000 avg avg RTT RTT
0.000 0.001 rpc 0.096 0.108
0.001 0.453 read: 0.000 ops/s avg RTT
write: kB/o ops/s rpc mounted
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, I will create a support request also.
A quick and dirty workaround to get at least the same old columns from Rocky9 I can use field ID_LIKE from /etc/os-release:
if [ -e $OS_FILE ] && ( ( (awk -F'=' '/ID_LIKE=/ {print $2}' $OS_FILE | grep -q rhel) ...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That is a Splunk-supported add-on so you can submit a support request (if you have entitlement) for RHEL9 support.
If this reply helps you, Karma would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, I will create a support request also.
A quick and dirty workaround to get at least the same old columns from Rocky9 I can use field ID_LIKE from /etc/os-release:
if [ -e $OS_FILE ] && ( ( (awk -F'=' '/ID_LIKE=/ {print $2}' $OS_FILE | grep -q rhel) ...
Detecting Remote Code Executions With the Splunk Threat Research Team
Enter the Splunk Community Dashboard Challenge for Your Chance to Win!
.conf24 | Session Scheduler is Live!!
