Daniel Rich
2013-02-13 18:40:37 UTC
Daniel Rich [http://community.zenoss.org/people/sjthespian] created the discussion
"Process monitoring with a complex regex"
To view the discussion, visit: http://community.zenoss.org/message/71479#71479
--------------------------------------------------------------
I am trying to make sure splunkd is running on my splunk servers, but this is a bit of a challenge since there are multiple splunkd processes and I only care about a single one.
As an example, I am looking for the following in the process table:
root     8514 8513 0 Feb05 ?       00:09:23 [splunkd pid=8513] splunkd -p 8089 restart [process-runner]
However, as there are other splunkd processes I have to make sure I exclude search processes. Using something like the following for a process regex will find this process:
^\[splunkd pid=[0-9]*\] (?!search)
or
^\[splunkd pid=[0-9]*\].*\[process-runner\]$
+(the second of these being my preferred choice)+
The problem comes when I model the device. The process that Zenoss sees has all of the above info in it, the biggest problem being that the PID is included in the process that it detects. If I restart splunkd the PID changes and Zenoss then shows the process as down; I believe until the device is remodeled.
Is there a way to limit what portion of the match Zenoss uses for the name of the process? In this case I would be happy with either "splunkd" or "process-runner", but don't want the entire argument string for the reasons above. I have tried various settings for "Ignore Parameters", but it doesn't seem to make any difference. Neither does adding parens to the regexp in order to specify parameters.
I'm currently running 4.2.3 on RHEL6.
--------------------------------------------------------------
Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/71479#71479]
Start a new discussion in zenoss-users by email
[discussions-community-forums-zenoss--***@community.zenoss.org] -or- at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]
"Process monitoring with a complex regex"
To view the discussion, visit: http://community.zenoss.org/message/71479#71479
--------------------------------------------------------------
I am trying to make sure splunkd is running on my splunk servers, but this is a bit of a challenge since there are multiple splunkd processes and I only care about a single one.
As an example, I am looking for the following in the process table:
root     8514 8513 0 Feb05 ?       00:09:23 [splunkd pid=8513] splunkd -p 8089 restart [process-runner]
However, as there are other splunkd processes I have to make sure I exclude search processes. Using something like the following for a process regex will find this process:
^\[splunkd pid=[0-9]*\] (?!search)
or
^\[splunkd pid=[0-9]*\].*\[process-runner\]$
+(the second of these being my preferred choice)+
The problem comes when I model the device. The process that Zenoss sees has all of the above info in it, the biggest problem being that the PID is included in the process that it detects. If I restart splunkd the PID changes and Zenoss then shows the process as down; I believe until the device is remodeled.
Is there a way to limit what portion of the match Zenoss uses for the name of the process? In this case I would be happy with either "splunkd" or "process-runner", but don't want the entire argument string for the reasons above. I have tried various settings for "Ignore Parameters", but it doesn't seem to make any difference. Neither does adding parens to the regexp in order to specify parameters.
I'm currently running 4.2.3 on RHEL6.
--------------------------------------------------------------
Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/71479#71479]
Start a new discussion in zenoss-users by email
[discussions-community-forums-zenoss--***@community.zenoss.org] -or- at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]