From 13b1e503eac8d3cefb138abf891ca4a8e8b46bec Mon Sep 17 00:00:00 2001 From: Michael Erdely Date: Tue, 3 Jun 2025 17:26:49 -0400 Subject: [PATCH] Merge in Splunk Add-On for Unix and Linux version 10.1.0 --- THIRDPARTY | 6 +- VERSION | 4 +- app.manifest | 2 +- bin/cpu.sh | 69 ++++++++-- bin/cpu_metric.sh | 69 ++++++++-- bin/df.sh | 294 +++++++++++++++++++++++++++++----------- bin/hardware.sh | 2 +- bin/iostat.sh | 8 +- bin/iostat_metric.sh | 8 +- bin/lsof.sh | 3 +- bin/nfsiostat.sh | 2 +- bin/ps.sh | 10 +- bin/ps_metric.sh | 22 +-- bin/rlog.sh | 36 +++-- bin/vmstat.sh | 11 +- bin/vmstat_metric.sh | 14 +- default/app.conf | 6 +- default/props.conf | 20 +-- default/transforms.conf | 2 +- docs/ReleaseNotes.md | 8 ++ 20 files changed, 429 insertions(+), 167 deletions(-) diff --git a/THIRDPARTY b/THIRDPARTY index 4b08779..f98220a 100644 --- a/THIRDPARTY +++ b/THIRDPARTY @@ -7,9 +7,9 @@ The following 3rd-party software packages may be used by or distributed with splunk-add-on-for-unix-and-linux. Any information relevant to third-party vendors listed below are collected using common, reasonable means. -Date generated: 2025-1-31 +Date generated: 2025-4-25 -Revision ID: 79a4b3bf642285d427e11cd81adb8baaf923e0e9 +Revision ID: 54ebe4046afb33b20d0f5a24affec0e4323297b6 ================================================================================ ================================================================================ @@ -65,4 +65,4 @@ No licenses found -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- -Report Generated by FOSSA on 2025-1-31 +Report Generated by FOSSA on 2025-4-25 diff --git a/VERSION b/VERSION index 3c35f76..dd06971 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -10.0.0.1 -10.0.0.1 +10.1.0.0 +10.1.0.0 diff --git a/app.manifest b/app.manifest index 521d014..b5e4bc8 100644 --- a/app.manifest +++ b/app.manifest @@ -29,7 +29,7 @@ "id": { "group": null, "name": "TA-unix", - "version": "10.0.0.1" + "version": "10.1.0.0" }, "license": { "name": "Splunk Software License Agreement", diff --git a/bin/cpu.sh b/bin/cpu.sh index 6e13cff..95ed81c 100755 --- a/bin/cpu.sh +++ b/bin/cpu.sh @@ -42,17 +42,64 @@ if [ "$KERNEL" = "Linux" ] ; then echo "Cmd = [$CMD]; | $AWK '$FILTER $FORMAT $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST" exit elif [ "$KERNEL" = "SunOS" ] ; then - formatted_date=$(date +"%m/%d/%y_%H:%M:%S_%Z") - if [ "$SOLARIS_8" = "true" ] || [ "$SOLARIS_9" = "true" ] ; then - CMD='eval mpstat -a -p 1 2 | tail -1 | sed "s/^[ ]*0/all/"; mpstat -p 1 2 | tail -r' - else - CMD='eval mpstat -aq -p 1 2 | tail -1 | sed "s/^[ ]*0/all/"; mpstat -q -p 1 2 | tail -r' - fi - assertHaveCommand "$CMD" - # shellcheck disable=SC2016 - FILTER='($1=="CPU") {exit 1}' - # shellcheck disable=SC2016 - FORMAT='{datetime="'"$formatted_date"'"; cpu=$1; pctUser=$(NF-4); pctNice="0"; pctSystem=$(NF-3); pctIowait=$(NF-2); pctIdle=$(NF-1)}' + CMD='mpstat -p 2 5' + FORMAT=' + + function get_cpu_count(){ + command = "psrinfo -p"; # Use this for Solaris + command | getline cpu_count; + close(command); + return cpu_count; + } + + BEGIN { + cpu_processed = 0; + user_sum = system_sum = iowait_sum = idle_sum = 0; + # Dynamically set CPU count + cpu_count = get_cpu_count(); + last_cpu = cpu_count-1; + } + + function get_current_time() { + command = "date +\"%m/%d/%y_%H:%M:%S_%Z\""; + command | getline datetime; + close(command); + return datetime; + }{ + datetime=get_current_time(); + cpu=$1; + pctUser=$(NF-4); + pctNice="0"; + pctSystem=$(NF-3); + pctIowait=$(NF-2); + pctIdle=$(NF-1); + + user_sum += pctUser; + system_sum += pctSystem; + iowait_sum += pctIowait; + idle_sum += pctIdle; + cpu_processed++; + } + ' + FILTER='($0 ~ /CPU/) { if($(NF-1) ~ /gnice/){ NFIELDS=NF; } else {NFIELDS=NF+1;} next} /Average|Linux|^$|%/ {next}' + PRINTF=' + { + if (cpu ~ /0/) { + print header; + printf "%-28s %-3s %9s %9s %9s %9s %9s\n", datetime, cpu, pctUser, pctNice, pctSystem, pctIowait, pctIdle; + } else if (cpu ~ last_cpu) { + printf "%-28s %-3s %9s %9s %9s %9s %9s\n", datetime, cpu, pctUser, pctNice, pctSystem, pctIowait, pctIdle; + printf "%-28s %-3s %9s %9s %9s %9s %9s\n", datetime, "all", user_sum / cpu_count, pctNice, system_sum / cpu_count, iowait_sum / cpu_count, idle_sum / cpu_count; + cpu_processed = 0; + user_sum = system_sum = iowait_sum = idle_sum = 0; + }else{ + printf "%-28s %-3s %9s %9s %9s %9s %9s\n", datetime, cpu, pctUser, pctNice, pctSystem, pctIowait, pctIdle; + } + }' + $CMD | tee "$TEE_DEST" | $AWK "$FILTER $FORMAT $PRINTF" header="$HEADER" + echo "Cmd = [$CMD]; | $AWK '$FILTER $FORMAT $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST" + exit + elif [ "$KERNEL" = "AIX" ] ; then queryHaveCommand mpstat queryHaveCommand lparstat diff --git a/bin/cpu_metric.sh b/bin/cpu_metric.sh index ac6ede7..1732c2b 100755 --- a/bin/cpu_metric.sh +++ b/bin/cpu_metric.sh @@ -7,7 +7,6 @@ . "$(dirname "$0")"/common.sh assertHaveCommand column - HEADER='Datetime pctUser pctNice pctSystem pctIowait pctIdle OSName OS_version IP_address CPU' HEADERIZE="BEGIN {print \"$HEADER\"}" PRINTF='{printf "%-28s %9s %9s %9s %9s %9s %-35s %15s %-16s %-3s\n", datetime, pctUser, pctNice, pctSystem, pctIowait, pctIdle, OSName, OS_version, IP_address,cpu}' @@ -37,18 +36,64 @@ if [ "$KERNEL" = "Linux" ] ; then # shellcheck disable=SC2016 FILTER='($0 ~ /CPU/) { if($(NF-1) ~ /gnice/){ NFIELDS=NF; } else {NFIELDS=NF+1;} next} /Average|Linux|^$|%/ {next}' elif [ "$KERNEL" = "SunOS" ] ; then - formatted_date=$(date +"%m/%d/%y_%H:%M:%S_%Z") - if [ "$SOLARIS_8" = "true" ] || [ "$SOLARIS_9" = "true" ] ; then - CMD='eval mpstat -a -p 1 2 | tail -1 | sed "s/^[ ]*0/all/"; mpstat -p 1 2 | tail -r' - else - CMD='eval mpstat -aq -p 1 2 | tail -1 | sed "s/^[ ]*0/all/"; mpstat -q -p 1 2 | tail -r' - fi + CMD='mpstat -p 2 5' DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1)" - assertHaveCommand "$CMD" - # shellcheck disable=SC2016 - FILTER='($1=="CPU") {exit 1}' - # shellcheck disable=SC2016 - FORMAT='{datetime="'"$formatted_date"'"; cpu=$1; pctUser=$(NF-4); pctNice="0"; pctSystem=$(NF-3); pctIowait=$(NF-2); pctIdle=$(NF-1);OSName=OSName;OS_version=OS_version;IP_address=IP_address;}' + FORMAT=' + + function get_cpu_count(){ + command = "psrinfo -p"; # Use this for Solaris + command | getline cpu_count; + close(command); + return cpu_count; + } + + BEGIN { + cpu_processed = 0; + user_sum = system_sum = iowait_sum = idle_sum = 0; + # Dynamically set CPU count + cpu_count = get_cpu_count(); + last_cpu = cpu_count-1; + } + + function get_current_time() { + command = "date +\"%m/%d/%y_%H:%M:%S_%Z\""; + command | getline datetime; + close(command); + return datetime; + }{ + datetime=get_current_time(); + cpu=$1; + pctUser=$(NF-4); + pctNice="0"; + pctSystem=$(NF-3); + pctIowait=$(NF-2); + pctIdle=$(NF-1); + + user_sum += pctUser; + system_sum += pctSystem; + iowait_sum += pctIowait; + idle_sum += pctIdle; + cpu_processed++; + } + ' + FILTER='($0 ~ /CPU/) { if($(NF-1) ~ /gnice/){ NFIELDS=NF; } else {NFIELDS=NF+1;} next} /Average|Linux|^$|%/ {next}' + PRINTF=' + { + if (cpu ~ /0/) { + print header; + {printf "%-28s %9s %9s %9s %9s %9s %-35s %15s %-16s %-3s\n", datetime, pctUser, pctNice, pctSystem, pctIowait, pctIdle, OSName, OS_version, IP_address,cpu} + } else if (cpu ~ last_cpu) { + {printf "%-28s %9s %9s %9s %9s %9s %-35s %15s %-16s %-3s\n", datetime, pctUser, pctNice, pctSystem, pctIowait, pctIdle, OSName, OS_version, IP_address,cpu} + printf "%-28s %9s %9s %9s %9s %9s %-35s %15s %-16s %-3s\n", datetime, user_sum / cpu_count, pctNice, system_sum / cpu_count, iowait_sum / cpu_count, idle_sum / cpu_count, OSName, OS_version, IP_address, "all"; + cpu_processed = 0; + user_sum = system_sum = iowait_sum = idle_sum = 0; + }else{ + {printf "%-28s %9s %9s %9s %9s %9s %-35s %15s %-16s %-3s\n", datetime, pctUser, pctNice, pctSystem, pctIowait, pctIdle, OSName, OS_version, IP_address,cpu} + } + }' + $CMD | tee "$TEE_DEST" | $AWK $DEFINE "$FILTER $FORMAT $FILL_DIMENSIONS $PRINTF" header="$HEADER" + echo "Cmd = [$CMD]; | $AWK $DEFINE '$FILTER $FORMAT $FILL_DIMENSIONS $PRINTF' header=\"$HEADER\"" >>"$TEE_DEST" + exit elif [ "$KERNEL" = "AIX" ] ; then queryHaveCommand mpstat queryHaveCommand lparstat diff --git a/bin/df.sh b/bin/df.sh index 6c191ef..e17e80a 100755 --- a/bin/df.sh +++ b/bin/df.sh @@ -120,9 +120,46 @@ elif [ "$KERNEL" = "AIX" ] ; then assertHaveCommandGivenPath /usr/bin/df CMD='eval /usr/sysv/bin/df -n ; /usr/bin/df -kP -F %u %f %z %l %n %p %m' - # Normalize Size, Used and Avail columns + #Maps fsType # shellcheck disable=SC2016 - NORMALIZE=' + MAP_FS_TO_TYPE='/: / { + key = ""; + value = ""; + foundColon = 0; + + for (i = 1; i <= NF; i++) { + if (!foundColon) { + if ($i ~ /:$/) { + clean = $i; + sub(/:$/, "", clean); + if (clean != "") { + key = (key ? key " " : "") clean; + } + foundColon = 1; + } else { + if ($i != "") { + key = (key ? key " " : "") $i; + } + } + } else if ($i ~ /[a-zA-Z0-9]/ && value == "") { + value = $i; + } + } + + gsub(/ /, " ", key); + + fsTypes[key] = value; + }' + + + # shellcheck disable=SC2016 + BEGIN='BEGIN { + OFS = "\t"; + printedHeader = 0; + }' + # Append Type and Inode headers to the main header and print respective fields from values stored in MAP_FS_TO_TYPE variables + # shellcheck disable=SC2016 + PRINTF=' function fromKB(KB) { MB = KB/1024; if (MB<1024) return MB "M"; @@ -131,68 +168,80 @@ elif [ "$KERNEL" = "AIX" ] ; then TB = GB/1024; return TB "T" } { - if($0 ~ /^Filesystem.*/){ - for(i=1;i<=NF;i++){ - if($i=="1024-blocks") {sizeCol=i; sizeFlag=1;} - if($i=="Used") {usedCol=i; usedFlag=1;} - if($i=="Available") {availCol=i; availFlag=1;} - } - } - if(!($0 ~ /^Filesystem.*/) && sizeFlag==1) - $sizeCol=fromKB($sizeCol); - if(!($0 ~ /^Filesystem.*/) && usedFlag==1) - $usedCol=fromKB($usedCol); - if(!($0 ~ /^Filesystem.*/) && availFlag==1) - $availCol=fromKB($availCol); - }' + if ($0 ~ /^Filesystem.*/) { + if (!printedHeader) { + sub("%iused", "IUsePct", $0); + header_field_count = NF; - #Maps fsType - # shellcheck disable=SC2016 - MAP_FS_TO_TYPE='/: / { - for(i=1;i<=NF;i++){ - if($i ~ /^\/.*/) - keyCol=i; - else if($i ~ /[a-zA-Z0-9]/) - valueCol=i; - } - if($keyCol ~ /^\/.*:/) - fsTypes[substr($keyCol,1,length($keyCol)-1)] = $valueCol; - else - fsTypes[$keyCol]=$valueCol; - }' + for (i = 1; i <= NF; i++) { + if ($i == "iused") iusedCol = i; + if ($i == "ifree") ifreeCol = i; + if ($i == "Mounted" && $(i + 1) == "on") { + mountedCol = i; + sub("Mounted on", "MountedOn", $0); + } + } - # shellcheck disable=SC2016 - BEGIN='BEGIN { OFS = "\t" }' - # Append Type and Inode headers to the main header and print respective fields from values stored in MAP_FS_TO_TYPE variables - # shellcheck disable=SC2016 - PRINTF=' - { - if($0 ~ /^Filesystem.*/){ - sub("%Iused","IUsePct",$0); - for(i=1;i<=NF;i++){ - if($i=="Iused") iusedCol=i; - if($i=="Ifree") ifreeCol=i; + $(NF + 1) = "Type"; + $(NF + 1) = "INodes"; + printf "%-50s %-8s %-8s %-8s %-10s %-8s %-8s %-7s %-25s %-10s %-8s\n", + "Filesystem", "Size", "Used", "Avail", "Capacity", + "iused", "ifree", "IUsePct","MountedOn", "Type", "INodes"; + printedHeader = 1; + } + next; + } - if($i=="Mounted" && $(i+1)=="on"){ - mountedCol=i; - sub("Mounted on","MountedOn",$0); - } - } - $(NF+1)="Type"; - $(NF+1)="INodes"; - print $0; - } - } - { - for(i=1;i<=NF;i++) - { - if($i ~ /^\/\S*/ && i==mountedCol && !(fsTypes[$mountedCol]~/(devfs|ctfs|proc|mntfs|objfs|lofs|fd|tmpfs)/) && !($0 ~ /.*\/proc.*/)){ - $(NF+1)=fsTypes[$mountedCol]; - $(NF+1)=$iusedCol+$ifreeCol; - print $0; - } - } - }' + if (NF >= 8 && $0 !~ /\(.*\)/ && $0 !~ /^.* on \/.* \(/) { + found = 0 + for (i = 1; i <= NF - 6; i++) { + cond = ($(i) ~ /^[0-9.]+[KMGTPBi]*$/ || $(i) == "-") && + ($(i+1) ~ /^[0-9.]+[KMGTPBi]*$/ || $(i+1) == "-") && + ($(i+2) ~ /^[0-9.]+[KMGTPBi]*$/ || $(i+2) == "-") && + ($(i+3) ~ /^[0-9]+%$/ || $(i+3) == "-") && + ($(i+4) ~ /^[0-9]+(\.[0-9]+)?[kMGTPBi]?$/ || $(i+4) == "-") && + ($(i+5) ~ /^[0-9]+(\.[0-9]+)?[kMGTPBi]?$/ || $(i+5) == "-") && + ($(i+6) ~ /^[0-9]+%$/ || $(i+6) == "-") + if (cond) { + start = i + found = 1 + break + } + } + + if (!found) { + next + } + + fs = $1 + for (j = 2; j < start; j++) { + print($j) + fs = fs " " $j + } + gsub("^/dev/", "", fs); + gsub("s[0-9]+$", "", fs); + + size = fromKB($(start)) + used = fromKB($(start + 1)) + avail = fromKB($(start + 2)) + capacity = $(start + 3) + iused = $(start + 4) + ifree = $(start + 5) + iusepct = $(start + 6) + + mounted = $(start + 7) + for (k = start + 8; k <= NF; k++) { + mounted = mounted " " $k + } + + fstype = (mounted in fsTypes) ? fsTypes[mounted] : "-"; + inodes = iused + ifree; + + printf "%-50s %-8s %-8s %-8s %-10s %-8s %-8s %-7s %-25s %-10s %-8s\n", + fs, size, used, avail, capacity, + iused, ifree, iusepct, mounted, fstype, inodes; + } + }' elif [ "$KERNEL" = "HP-UX" ] ; then assertHaveCommand df @@ -215,24 +264,115 @@ elif [ "$KERNEL" = "Darwin" ] ; then assertHaveCommand df CMD='eval mount -t nocddafs,autofs,devfs,fdesc,nfs; df -h -T nocddafs,autofs,devfs,fdesc,nfs' # shellcheck disable=SC2016 - BEGIN='BEGIN { OFS = "\t" }' + BEGIN='BEGIN { + OFS = "\t"; + printedHeader = 0; + }' #Maps fsType # shellcheck disable=SC2016 - MAP_FS_TO_TYPE='/ on / { - for (i = 1; i <= NF; i++) { - if ($i == "on" && $(i + 1) ~ /^\/.*/) - key=$(i+1); - if($i ~ /^\(/) - value = substr($i, 2, length($i) - 2); - } - fsTypes[key] = value; - }' - PRINTF='/^Filesystem/ { - printf "Filesystem\tType\tSize\tUsed\tAvail\tUse%%\tInodes\tIUsed\tIFree\tIUse%%\tMountedOn\n"; - } - $0 !~ /^Filesystem/ && $0 !~ / on / { - printf "%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n", $1, fsTypes[$NF], $2, $3, $4, $5, $6+$7, $6, $7, $8, $9; - }' + MAP_FS_TO_TYPE='/ on / { + key = ""; + value = ""; + + for (i = 1; i <= NF; i++) { + if ($i == "on") { + # Start capturing key from the next field + j = i + 1; + while (j <= NF && $(j) !~ /^\(/) { + key = (key == "") ? $(j) : key " " $(j); + j++; + } + } + + if ($i ~ /^\(/) { + value = substr($i, 2); # Remove starting ( + # Optionally remove trailing comma/parenthesis if needed + if (substr(value, length(value), 1) == "," || substr(value, length(value), 1) == ")") { + value = substr(value, 1, length(value)-1); + } + } + } + + gsub(/ /, " ", key); # Replace spaces with   + fsTypes[key] = value; + }' + # Append Type and Inode headers to the main header and print respective fields from values stored in MAP_FS_TO_TYPE variables + # shellcheck disable=SC2016 + PRINTF='{ + if ($0 ~ /^Filesystem.*/) { + if (!printedHeader) { + sub("%iused", "IUsePct", $0); + header_field_count = NF; + + for (i = 1; i <= NF; i++) { + if ($i == "iused") iusedCol = i; + if ($i == "ifree") ifreeCol = i; + if ($i == "Mounted" && $(i + 1) == "on") { + mountedCol = i; + sub("Mounted on", "MountedOn", $0); + } + } + + $(NF + 1) = "Type"; + $(NF + 1) = "INodes"; + printf "%-50s %-8s %-8s %-8s %-10s %-8s %-8s %-7s %-25s %-10s %-8s\n", + "Filesystem", "Size", "Used", "Avail", "Capacity", + "iused", "ifree", "IUsePct","MountedOn", "Type", "INodes"; + printedHeader = 1; + } + next; + } + + if (NF >= 8 && $0 !~ /\(.*\)/ && $0 !~ /^.* on \/.* \(/) { + found = 0 + for (i = 1; i <= NF - 6; i++) { + cond = ($(i) ~ /^[0-9.]+[KMGTPBi]*$/ || $(i) == "-") && + ($(i+1) ~ /^[0-9.]+[KMGTPBi]*$/ || $(i+1) == "-") && + ($(i+2) ~ /^[0-9.]+[KMGTPBi]*$/ || $(i+2) == "-") && + ($(i+3) ~ /^[0-9]+%$/ || $(i+3) == "-") && + ($(i+4) ~ /^[0-9]+(\.[0-9]+)?[kMGTPBi]?$/ || $(i+4) == "-") && + ($(i+5) ~ /^[0-9]+(\.[0-9]+)?[kMGTPBi]?$/ || $(i+5) == "-") && + ($(i+6) ~ /^[0-9]+%$/ || $(i+6) == "-") + if (cond) { + start = i + found = 1 + break + } + } + + if (!found) { + next + } + + fs = $1 + for (j = 2; j < start; j++) { + fs = fs " " $j + } + gsub("^/dev/", "", fs); + gsub("s[0-9]+$", "", fs); + + size = $(start) + used = $(start + 1) + avail = $(start + 2) + capacity = $(start + 3) + iused = $(start + 4) + ifree = $(start + 5) + iusepct = $(start + 6) + + mounted = $(start + 7) + for (k = start + 8; k <= NF; k++) { + mounted = mounted " " $k + } + + fstype = (mounted in fsTypes) ? fsTypes[mounted] : "-"; + inodes = iused + ifree; + + printf "%-50s %-8s %-8s %-8s %-10s %-8s %-8s %-7s %-25s %-10s %-8s\n", + fs, size, used, avail, capacity, + iused, ifree, iusepct, mounted, fstype, inodes; + } + }' + elif [ "$KERNEL" = "OpenBSD" ] ; then assertHaveCommand mount diff --git a/bin/hardware.sh b/bin/hardware.sh index 8113a4f..8374bd7 100755 --- a/bin/hardware.sh +++ b/bin/hardware.sh @@ -17,7 +17,7 @@ if [ "$KERNEL" = "Linux" ] ; then CPU_TYPE=$(awk -F: '/model name/ {print $2; exit}' /proc/cpuinfo 2>>"$TEE_DEST") CPU_CACHE=$(awk -F: '/cache size/ {print $2; exit}' /proc/cpuinfo 2>>"$TEE_DEST") CPU_COUNT=$(grep -c processor /proc/cpuinfo 2>>"$TEE_DEST") - [ -z "$CPU_TYPE" ] && [ -r /proc/device-tree/compatible ] && CPU_TYPE=$(cat /proc/device-tree/compatible | tr '\0' ',') + [ -z "$CPU_TYPE" ] && [ -r /proc/device-tree/compatible ] && CPU_TYPE=$(cat /proc/device-tree/compatible | sed 's/\0/,/g;s/,$//') # HDs # shellcheck disable=SC2010 for deviceBasename in $(ls /sys/block | grep -E -v '^(dm|md|ram|sr|loop)') diff --git a/bin/iostat.sh b/bin/iostat.sh index 3f977df..2834860 100755 --- a/bin/iostat.sh +++ b/bin/iostat.sh @@ -10,17 +10,17 @@ assertHaveCommand column if [ "$KERNEL" = "Linux" ] ; then - CMD='iostat -xky 1 1' + CMD='iostat -xky 60 1' assertHaveCommand "$CMD" # considers the device, r/s and w/s columns and returns output of the first interval FILTER='/Device/ && /r\/s/ && /w\/s/ {f=1;}f' elif [ "$KERNEL" = "SunOS" ] ; then - CMD='iostat -xn 1 2' + CMD='iostat -xn 60 2' assertHaveCommand "$CMD" # considers the device, r/s and w/s columns and returns output of the second interval FILTER='/device/ && /r\/s/ && /w\/s/ {f++;} f==2' elif [ "$KERNEL" = "AIX" ] ; then - CMD='iostat 1 2' + CMD='iostat 60 2' assertHaveCommand "$CMD" # considers the disks, kb_read and kb_wrtn columns and returns output of the second interval FILTER='/^cd/ {next} /Disks/ && /Kb_read/ && /Kb_wrtn/ {f++;} f==2' @@ -31,7 +31,7 @@ elif [ "$KERNEL" = "OpenBSD" ] ; then HEADERIZE="BEGIN {print \"$HEADER\"}" FILTER=$HEADERIZE'/^[^ \t]/ && !/^(DEVICE|Totals)/{printf "%-7s %.2f %.2f %d %d\n", $1, $2/1024, $3/1024, $4, $5}' elif [ "$KERNEL" = "FreeBSD" ] ; then - CMD='iostat -x -c 2' + CMD='iostat -x -c 2 -w 60' assertHaveCommand "$CMD" # considers the device, r/s and w/s columns and returns output of the second interval FILTER='/device/ && /r\/s/ && /w\/s/ {f++;} f==2' diff --git a/bin/iostat_metric.sh b/bin/iostat_metric.sh index 0680c86..acd983c 100755 --- a/bin/iostat_metric.sh +++ b/bin/iostat_metric.sh @@ -11,7 +11,7 @@ assertHaveCommand column if [ "$KERNEL" = "Linux" ] ; then - CMD='iostat -xky 1 1' + CMD='iostat -xky 60 1' assertHaveCommand "$CMD" if [ ! -f "/etc/os-release" ] ; then DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(ip -4 route show default | awk '{print $9}')" @@ -22,7 +22,7 @@ if [ "$KERNEL" = "Linux" ] ; then # shellcheck disable=SC2016 PRINTF='{if ($0~/Device/) {printf "%s OSName OS_version IP_address \n", $0} else if (NF!=0) {printf "%s %s %s %s\n", $0, OSName, OS_version, IP_address}}' elif [ "$KERNEL" = "SunOS" ] ; then - CMD='iostat -xn 1 2' + CMD='iostat -xn 60 2' # jscpd:ignore-start assertHaveCommand "$CMD" DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1)" @@ -31,7 +31,7 @@ elif [ "$KERNEL" = "SunOS" ] ; then PRINTF='{if ($0~/device/ && /r\/s/ && /w\/s/) {printf "%s OSName OS_version IP_address \n", $0} else if (NF!=0) {printf "%s %s %s %s\n", $0, OSName, OS_version, IP_address}}' # jscpd:ignore-end elif [ "$KERNEL" = "AIX" ] ; then - CMD='iostat 1 2' + CMD='iostat 60 2' assertHaveCommand "$CMD" DEFINE="-v OSName=$(uname -s) -v OS_version=$(oslevel -r | cut -d'-' -f1) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1)" FILTER='/^cd/ {next} /Disks/ && /Kb_read/ && /Kb_wrtn/ {f++;} f==2' @@ -45,7 +45,7 @@ elif [ "$KERNEL" = "OpenBSD" ] ; then HEADERIZE="BEGIN {print \"$HEADER\"}" FILTER=$HEADERIZE'/^[^ \t]/ && !/^(DEVICE|Totals)/{printf "%-7s %.2f %.2f %d %d %s %s %s\n", $1, $2/1024, $3/1024, $4, $5, OSName, OS_version, IP_address}' elif [ "$KERNEL" = "FreeBSD" ] ; then - CMD='iostat -x -c 2' + CMD='iostat -x -c 2 -w 60' assertHaveCommand "$CMD" DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1)" FILTER='/device/ && /r\/s/ && /w\/s/ {f++;} f==2' diff --git a/bin/lsof.sh b/bin/lsof.sh index 429e5a2..2a68bb0 100755 --- a/bin/lsof.sh +++ b/bin/lsof.sh @@ -21,7 +21,8 @@ if [[ "$KERNEL" = "Linux" ]] || [[ "$KERNEL" = "HP-UX" ]] || [[ "$KERNEL" = "Dar # shellcheck disable=SC2016 FILTER='/KQUEUE|PIPE|PSXSEM/ {next}' elif [ "$KERNEL" = "FreeBSD" ] ; then - if [[ $KERNEL_RELEASE =~ 11.* ]] || [[ $KERNEL_RELEASE =~ 12.* ]] || [[ $KERNEL_RELEASE =~ 13.* ]]; then + major=${KERNEL_RELEASE%%.*} + if ((major >= 13)); then # empty condition to allow the execution of script as is echo > /dev/null else diff --git a/bin/nfsiostat.sh b/bin/nfsiostat.sh index 5531443..1c3ba7c 100755 --- a/bin/nfsiostat.sh +++ b/bin/nfsiostat.sh @@ -50,7 +50,7 @@ if [ "$KERNEL" = "Linux" ] ; then then # shellcheck disable=SC2016 OS_RELEASE=$(awk -F= '/^ID=/ {gsub(/"/, "", $2); id=$2} /^VERSION_ID=/ {gsub(/"/, "", $2); ver=$2} END {print id ":" ver}' "$OS_FILE") - if [ "$OS_RELEASE" = "ubuntu:18.04" ] || [ "$OS_RELEASE" = "ubuntu:20.04" ] || [ "$OS_RELEASE" = "ubuntu:22.04" ] || [ "$OS_RELEASE" = "rocky:9.5" ] || [ "$OS_RELEASE" = "almalinux:9.5" ] || [ "$OS_RELEASE" = "ol:8.9" ] ; then # Ubuntu 18.04, 20.04 and 22.04 # Rocky or AlmaLinux 9.5 # Oracle Linux 8.9 + if [ "$OS_RELEASE" = "ubuntu:18.04" ] || [ "$OS_RELEASE" = "ubuntu:20.04" ] || [ "$OS_RELEASE" = "ubuntu:22.04" ] || [ "$OS_RELEASE" = "ubuntu:24.04" ] || [ "$OS_RELEASE" = "rocky:9.5" ] || [ "$OS_RELEASE" = "almalinux:9.5" ] || [ "$OS_RELEASE" = "ol:8.9" ] ; then # Ubuntu 18.04, 20.04 and 22.04 # Rocky or AlmaLinux 9.5 # Oracle Linux 8.9 # shellcheck disable=SC2016 FORMAT='{ if (NR%10==2){ diff --git a/bin/ps.sh b/bin/ps.sh index 41468aa..d997f74 100755 --- a/bin/ps.sh +++ b/bin/ps.sh @@ -6,15 +6,18 @@ . "$(dirname "$0")"/common.sh # shellcheck disable=SC2166 -if [ "$KERNEL" = "Linux" -o "$KERNEL" = "Darwin" -o "$KERNEL" = "FreeBSD" -o "$KERNEL" = "OpenBSD" ] ; then +if [ "$KERNEL" = "Linux" ] ; then assertHaveCommand ps - CMD='ps auxww' + CMD='ps -wweo user,pid,%cpu,%mem,vsz,rss,tname,stat,start_time,bsdtime,etime,command' elif [ "$KERNEL" = "AIX" ] ; then assertHaveCommandGivenPath /usr/sysv/bin/ps CMD='/usr/sysv/bin/ps -eo user,pid,psr,pcpu,time,pmem,rss,vsz,tty,s,etime,args' elif [ "$KERNEL" = "SunOS" ] ; then assertHaveCommandGivenPath /usr/bin/ps CMD='/usr/bin/ps -eo user,pid,psr,pcpu,time,pmem,rss,vsz,tty,s,etime,args' +elif [ "$KERNEL" = "Darwin" ] ; then + assertHaveCommand ps + CMD='ps axo user,pid,%cpu,cputime,%mem,rss,vsz,tt,state,start,etime,command' elif [ "$KERNEL" = "HP-UX" ] ; then HEADER='USER PID PSR pctCPU CPUTIME pctMEM RSZ_KB VSZ_KB TTY S ELAPSED COMMAND ARGS' # shellcheck disable=SC2016 @@ -35,6 +38,9 @@ elif [ "$KERNEL" = "HP-UX" ] ; then $CMD | tee "$TEE_DEST" | $AWK "$HEADERIZE $FORMAT $PRINTF" header="$HEADER" echo "Cmd = [$CMD]; | $AWK '$HEADERIZE $FORMAT $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST" exit +elif [ "$KERNEL" = "FreeBSD" -o "$KERNEL" = "OpenBSD" ] ; then + assertHaveCommand ps + CMD='ps axo user,pid,%cpu,cputime,%mem,rss,vsz,tt,state,start,etime,command' fi # shellcheck disable=SC2016 diff --git a/bin/ps_metric.sh b/bin/ps_metric.sh index b92e64d..de39e96 100755 --- a/bin/ps_metric.sh +++ b/bin/ps_metric.sh @@ -8,19 +8,19 @@ . "$(dirname "$0")"/common.sh # shellcheck disable=SC2166 -if [ "$KERNEL" = "Linux" -o "$KERNEL" = "Darwin" -o "$KERNEL" = "FreeBSD" -o "$KERNEL" = "OpenBSD" ] ; then +if [ "$KERNEL" = "Linux" ] ; then assertHaveCommand ps - CMD='ps auxww' - if [ "$KERNEL" = "Linux" ] ; then - if [ ! -f "/etc/os-release" ] ; then - DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(ip -4 route show default | awk '{print $9}') -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)" - else - DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep -E '\b(VERSION|BUILD)_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(ip -4 route show default | awk '{print $9}') -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)" - fi - elif [ "$KERNEL" = "Darwin" -o "$KERNEL" = "FreeBSD" -o "$KERNEL" = "OpenBSD" ] ; then - # Filters have been applied to get rid of IPv6 addresses designated for special usage to extract only the global IPv6 address. - DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1) -v IPv6_Address=$(ifconfig -a | grep inet6 | grep -v ' ::1 ' | grep -v ' ::1/' | grep -v ' ::1%' | grep -v ' fe80::' | grep -v ' 2002::' | grep -v ' ff00::' | head -n 1 | xargs | cut -d '/' -f 1 | cut -d '%' -f 1 | cut -d ' ' -f 2)" + CMD='ps -wweo user,pid,%cpu,%mem,vsz,rss,tname,stat,start_time,bsdtime,etime,command' + if [ ! -f "/etc/os-release" ] ; then + DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(hostname -I | cut -d\ -f1) -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)" + else + DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep '\bVERSION_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(hostname -I | cut -d\ -f1) -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)" fi +elif [ "$KERNEL" = "Darwin" -o "$KERNEL" = "FreeBSD" -o "$KERNEL" = "OpenBSD" ] ; then + assertHaveCommand ps + CMD='ps axo user,pid,%cpu,%mem,vsz,rss,tt,state,start,cputime,etime,command' + # Filters have been applied to get rid of IPv6 addresses designated for special usage to extract only the global IPv6 address. + DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1) -v IPv6_Address=$(ifconfig -a | grep inet6 | grep -v ' ::1 ' | grep -v ' ::1/' | grep -v ' ::1%' | grep -v ' fe80::' | grep -v ' 2002::' | grep -v ' ff00::' | head -n 1 | xargs | cut -d '/' -f 1 | cut -d '%' -f 1 | cut -d ' ' -f 2)" elif [ "$KERNEL" = "AIX" ] ; then assertHaveCommandGivenPath /usr/sysv/bin/ps CMD='/usr/sysv/bin/ps -eo user,pid,psr,pcpu,time,pmem,rss,vsz,tty,s,etime,args' diff --git a/bin/rlog.sh b/bin/rlog.sh index ace5150..f3e6e94 100755 --- a/bin/rlog.sh +++ b/bin/rlog.sh @@ -18,7 +18,8 @@ else fi CURRENT_AUDIT_FILE=/var/log/audit/audit.log # For handling upgrade scenarios TMP_ERROR_FILTER_FILE=$(mktemp) # For filering out "no matches" error from stderr -AUDIT_FILE="/var/log/audit/audit.log*" +AUDIT_LOG_DIR="/var/log/audit" +AUDIT_FILES=$(ls -1 "${AUDIT_LOG_DIR}"/audit.log "${AUDIT_LOG_DIR}"/audit.log.[0-9]* 2>/dev/null | sort -V) if [ "$KERNEL" = "Linux" ] ; then assertHaveCommand service @@ -28,25 +29,32 @@ if [ "$KERNEL" = "Linux" ] ; then if [ -e "$SEEK_FILE" ] ; then SEEK_TIME=$(head -1 "$SEEK_FILE") - # shellcheck disable=SC2086 - awk " { print } " $AUDIT_FILE | /sbin/ausearch -i -ts $SEEK_TIME -te $CURRENT_TIME 2>$TMP_ERROR_FILTER_FILE | grep -v "^----"; - # shellcheck disable=SC2086 - grep -v "" < $TMP_ERROR_FILTER_FILE 1>&2 + for AUDIT_FILE in $AUDIT_FILES; do + # shellcheck disable=SC2086 + /sbin/ausearch -i -ts $SEEK_TIME -te $CURRENT_TIME -if "$AUDIT_FILE" 2>"$TMP_ERROR_FILTER_FILE" | grep -v "^----" + # shellcheck disable=SC2086 + grep -v "" <"$TMP_ERROR_FILTER_FILE" 1>&2 + done elif [ -e "$OLD_SEEK_FILE" ] ; then rm -rf "$OLD_SEEK_FILE" # remove previous checkpoint - # start ingesting from the first entry of current audit file - # shellcheck disable=SC2086 - awk ' { print } ' $CURRENT_AUDIT_FILE | /sbin/ausearch -i -te $CURRENT_TIME 2>$TMP_ERROR_FILTER_FILE | grep -v "^----"; - # shellcheck disable=SC2086 - grep -v "" <$TMP_ERROR_FILTER_FILE 1>&2 + for AUDIT_FILE in $AUDIT_FILES; do + # start ingesting from the first entry of current audit file + # shellcheck disable=SC2086 + /sbin/ausearch -i -te $CURRENT_TIME -if "$AUDIT_FILE" 2>"$TMP_ERROR_FILTER_FILE" | grep -v "^----" + # shellcheck disable=SC2086 + grep -v "" <"$TMP_ERROR_FILTER_FILE" 1>&2 + done else # no checkpoint found - # shellcheck disable=SC2086 - awk " { print } " $AUDIT_FILE | /sbin/ausearch -i -te $CURRENT_TIME 2>$TMP_ERROR_FILTER_FILE | grep -v "^----"; - # shellcheck disable=SC2086 - grep -v "" <$TMP_ERROR_FILTER_FILE 1>&2 + for AUDIT_FILE in $AUDIT_FILES; do + # shellcheck disable=SC2086 + /sbin/ausearch -i -te $CURRENT_TIME -if "$AUDIT_FILE" 2>"$TMP_ERROR_FILTER_FILE" | grep -v "^----" + # shellcheck disable=SC2086 + grep -v "" <"$TMP_ERROR_FILTER_FILE" 1>&2 + done + fi echo "$CURRENT_TIME" > "$SEEK_FILE" # Checkpoint+ diff --git a/bin/vmstat.sh b/bin/vmstat.sh index 187b917..150accd 100755 --- a/bin/vmstat.sh +++ b/bin/vmstat.sh @@ -22,6 +22,11 @@ if [ "$KERNEL" = "Linux" ] ; then assertHaveCommand ps assertHaveCommand vmstat assertHaveCommand sar + PAGE_SIZE=$(getconf PAGE_SIZE) + HEADERIZE="BEGIN { + print \"$HEADER\" + pageSize = $PAGE_SIZE + }" # shellcheck disable=SC2016 CMD='eval uptime ; ps -e | wc -l ; ps -eT | wc -l ; vmstat -s ; `dirname $0`/hardware.sh; sar -B 1 2; sar -I SUM 1 2' # shellcheck disable=SC2016 @@ -29,7 +34,7 @@ if [ "$KERNEL" = "Linux" ] ; then # shellcheck disable=SC2016 PARSE_1='/total memory$/ {memTotalMB=$1/1024} /free memory$/ {memFreeMB+=$1/1024} /buffer memory$/ {memFreeMB+=$1/1024} /swap cache$/ {memFreeMB+=$1/1024}' # shellcheck disable=SC2016 - PARSE_2='/(K|pages) paged out$/ {pgPageOut=$1} /used swap$/ {swapUsed=$1} /free swap$/ {swapFree=$1} /pages swapped out$/ {pgSwapOut=$1}' + PARSE_2='/pages paged out$/ {pgPageOut=$1} /K paged out$/ {pgPageOut=int($1*1024/pageSize)} /used swap$/ {swapUsed=$1} /free swap$/ {swapFree=$1} /pages swapped out$/ {pgSwapOut=$1}' # shellcheck disable=SC2016 PARSE_3='/interrupts$/ {interrupts=$1} /CPU context switches$/ {cSwitches=$1} /forks$/ {forks=$1}' # shellcheck disable=SC2016 @@ -67,9 +72,9 @@ elif [ "$KERNEL" = "SunOS" ] ; then # Sample output: http://opensolarisforum.org/man/man1/sar.html if [ "$SOLARIS_10" = "true" ] || [ "$SOLARIS_11" = "true" ] ; then # shellcheck disable=SC2016 - PARSE_6='($1 ~ "atch*") {nr[NR+3]} NR in nr {pgPageIn_PS=$3;}' + PARSE_6='($1 ~ "atch*") {nr[NR+10]} NR in nr {pgPageIn_PS=$4;}' # shellcheck disable=SC2016 - PARSE_7='($3 ~ "ppgout*") {nr2[NR+3]} NR in nr2 {pgPageOut_PS=$3}' + PARSE_7='($3 ~ "ppgout*") {nr2[NR+10]} NR in nr2 {pgPageOut_PS=$3}' else # shellcheck disable=SC2016 PARSE_6='($3 ~ "atch*") {nr[NR+3]} NR in nr {pgPageIn_PS=$5}' diff --git a/bin/vmstat_metric.sh b/bin/vmstat_metric.sh index 4c79353..630d99a 100755 --- a/bin/vmstat_metric.sh +++ b/bin/vmstat_metric.sh @@ -26,16 +26,16 @@ if [ "$KERNEL" = "Linux" ] ; then # shellcheck disable=SC2016 CMD='eval uptime ; ps -e | wc -l ; ps -eT | wc -l ; vmstat -s ; `dirname $0`/hardware.sh; sar -B 1 2; sar -I SUM 1 2' if [ ! -f "/etc/os-release" ] ; then - DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(ip -4 route show default | awk '{print $9}')" + DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(hostname -I | cut -d\ -f1) -v PAGE_SIZE=$(getconf PAGE_SIZE)" else - DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep -E '\b(VERSION|BUILD)_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(ip -4 route show default | awk '{print $9}')" + DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep '\bVERSION_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(hostname -I | cut -d\ -f1) -v PAGE_SIZE=$(getconf PAGE_SIZE)" fi # shellcheck disable=SC2016 PARSE_0='NR==1 {loadAvg1mi=0+$(NF-2)} NR==2 {processes=$1} NR==3 {threads=$1}' # shellcheck disable=SC2016 PARSE_1='/total memory$/ {memTotalMB=$1/1024} /free memory$/ {memFreeMB+=$1/1024} /buffer memory$/ {memFreeMB+=$1/1024} /swap cache$/ {memFreeMB+=$1/1024}' # shellcheck disable=SC2016 - PARSE_2='/(K|pages) paged out$/ {pgPageOut=$1} /used swap$/ {swapUsed=$1} /free swap$/ {swapFree=$1} /pages swapped out$/ {pgSwapOut=$1}' + PARSE_2='/pages paged out$/ {pgPageOut=$1} /K paged out$/ {pgPageOut=int($1*1024/PAGE_SIZE)} /used swap$/ {swapUsed=$1} /free swap$/ {swapFree=$1} /pages swapped out$/ {pgSwapOut=$1}' # shellcheck disable=SC2016 PARSE_3='/interrupts$/ {interrupts=$1} /CPU context switches$/ {cSwitches=$1} /forks$/ {forks=$1}' # shellcheck disable=SC2016 @@ -73,10 +73,10 @@ elif [ "$KERNEL" = "SunOS" ] ; then PARSE_5='/^CPU_COUNT/ {cpuCount=$2}' # Sample output: http://opensolarisforum.org/man/man1/sar.html if [ "$SOLARIS_10" = "true" ] || [ "$SOLARIS_11" = "true" ] ; then - # shellcheck disable=SC2016 - PARSE_6='($1 ~ "atch*") {nr[NR+3]} NR in nr {pgPageIn_PS=$3;}' - # shellcheck disable=SC2016 - PARSE_7='($3 ~ "ppgout*") {nr2[NR+3]} NR in nr2 {pgPageOut_PS=$3}' + # shellcheck disable=SC2016 + PARSE_6='($1 ~ "atch*") {nr[NR+10]} NR in nr {pgPageIn_PS=$4;}' + # shellcheck disable=SC2016 + PARSE_7='($3 ~ "ppgout*") {nr2[NR+10]} NR in nr2 {pgPageOut_PS=$3}' else # shellcheck disable=SC2016 PARSE_6='($3 ~ "atch*") {nr[NR+3]} NR in nr {pgPageIn_PS=$5}' diff --git a/default/app.conf b/default/app.conf index cb5c981..966a183 100644 --- a/default/app.conf +++ b/default/app.conf @@ -7,7 +7,7 @@ [install] is_configured = false state = enabled -build = 1738793362 +build = 1748985697 [ui] setup_view = ta_nix_configuration @@ -17,7 +17,7 @@ docs_section_override = AddOns:released [launcher] author = Michael Erdely -version = 10.0.0.1 +version = 10.1.0.0 description = Technical Add-on for Unix and Linux #[package] @@ -26,5 +26,5 @@ description = Technical Add-on for Unix and Linux [id] name = TA-unix -version = 10.0.0.1 +version = 10.1.0.0 diff --git a/default/props.conf b/default/props.conf index 1ca0fc8..d9b8ac7 100644 --- a/default/props.conf +++ b/default/props.conf @@ -97,7 +97,7 @@ LINE_BREAKER = ([\r\n]+) KV_MODE = json NO_BINARY_CHECK = true TRUNCATE=1000000 -TRANSFORMS-docker-metric-dimensions=eval_dimensions +TRANSFORMS-docker-metric-dimensions=splunk_ta_nix_eval_dimensions METRIC-SCHEMA-TRANSFORMS=metric-schema:extract_metrics_docker [vmstat_metric] @@ -108,7 +108,7 @@ DATETIME_CONFIG = CURRENT KV_MODE = none INDEXED_EXTRACTIONS = CSV FIELD_DELIMITER=whitespace -TRANSFORMS-vmstat-metric-dimensions=eval_dimensions +TRANSFORMS-vmstat-metric-dimensions=splunk_ta_nix_eval_dimensions METRIC-SCHEMA-TRANSFORMS=metric-schema:extract_metrics_vmstat [cpu_metric] @@ -121,7 +121,7 @@ TRUNCATE=1000000 KV_MODE = none INDEXED_EXTRACTIONS = CSV FIELD_DELIMITER=whitespace -TRANSFORMS-cpu-metric-dimensions=eval_dimensions +TRANSFORMS-cpu-metric-dimensions=splunk_ta_nix_eval_dimensions TRANSFORMS-cpu-metric-field=extract_cpu_metric_field METRIC-SCHEMA-TRANSFORMS=metric-schema:extract_metrics_cpu @@ -133,7 +133,7 @@ DATETIME_CONFIG = CURRENT KV_MODE = none INDEXED_EXTRACTIONS = TSV TRANSFORMS-df-metrics=extract_df_metrics -TRANSFORMS-df-metric-dimensions=eval_dimensions +TRANSFORMS-df-metric-dimensions=splunk_ta_nix_eval_dimensions METRIC-SCHEMA-TRANSFORMS=metric-schema:extract_metrics_df [interfaces_metric] @@ -145,7 +145,7 @@ KV_MODE = none INDEXED_EXTRACTIONS = CSV FIELD_DELIMITER=whitespace EVAL-Duplex=case(Duplex==2,"Full", Duplex==1,"Half", Duplex==0, "Unknown", true(), Duplex) -TRANSFORMS-interfaces-metric-dimensions=eval_dimensions +TRANSFORMS-interfaces-metric-dimensions=splunk_ta_nix_eval_dimensions METRIC-SCHEMA-TRANSFORMS=metric-schema:extract_metrics_interfaces [iostat_metric] @@ -157,7 +157,7 @@ KV_MODE = none INDEXED_EXTRACTIONS = CSV FIELD_DELIMITER=whitespace TRANSFORMS-iostat-metrics-field=extract_iostat_metrics_field -TRANSFORMS-iostat-metric-dimensions=eval_dimensions +TRANSFORMS-iostat-metric-dimensions=splunk_ta_nix_eval_dimensions METRIC-SCHEMA-TRANSFORMS=metric-schema:extract_metrics_iostat [ps_metric] @@ -168,7 +168,7 @@ DATETIME_CONFIG = CURRENT KV_MODE = none INDEXED_EXTRACTIONS = CSV FIELD_DELIMITER=whitespace -TRANSFORMS-ps-metric-dimensions=eval_dimensions +TRANSFORMS-ps-metric-dimensions=splunk_ta_nix_eval_dimensions TRANSFORMS-ps-metric-field=extract_ps_metric_field METRIC-SCHEMA-TRANSFORMS=metric-schema:extract_metrics_ps @@ -221,9 +221,11 @@ TRUNCATE=1000000 DATETIME_CONFIG = CURRENT KV_MODE = multi FIELDALIAS-dest_for_df = host as dest -FIELDALIAS-filesystem_for_df = Filesystem AS filesystem FIELDALIAS-filesystem_type_for_df = Type as filesystem_type -FIELDALIAS-mount_for_df = MountedOn AS mount +EVAL-Filesystem = replace(Filesystem, " ", " ") +EVAL-filesystem = replace(Filesystem, " ", " ") +EVAL-MountedOn = replace(MountedOn, " ", " ") +EVAL-mount = replace(MountedOn, " ", " ") EVAL-Type = coalesce('Type',"?") EVAL-filesystem_type = coalesce('Type',"?") EVAL-Size = coalesce('Size','1024_blocks') diff --git a/default/transforms.conf b/default/transforms.conf index f246b72..9716dc4 100644 --- a/default/transforms.conf +++ b/default/transforms.conf @@ -179,7 +179,7 @@ REGEX=[[dhcp_prefix_src]]reuse_lease:\s+lease\s+age.*under.*threshold,\s+reply\s ###### Scripted Metric Inputs ###### -[eval_dimensions] +[splunk_ta_nix_eval_dimensions] # Support for omitting the IPv6 Address field when the script output doesn't include an IPv6 Address INGEST_EVAL = metric_name=sourcetype, entity_type="TA_Nix", OS_name=replace(OSName, "_", " "), IPv6_address = if(IPv6_Address=="?", null(), IPv6_Address) diff --git a/docs/ReleaseNotes.md b/docs/ReleaseNotes.md index cab2a89..78e809b 100644 --- a/docs/ReleaseNotes.md +++ b/docs/ReleaseNotes.md @@ -1,5 +1,13 @@ # Technical Add-on for Unix and Linux +## Version 10.0.0.2 ( + +Minor fixes + +Changes: + +* Make RPI CPU_TYPE not have trailing comma + ## Version 10.0.0.1 (2025-02-19) Fix report CPU_TYPE in hardware.sh for RPIs