Skip to main content

Collector operations

Once you install an APEX AIOps Incident Management Collector, you can perform several types of operations on your Linux, Mac, and Windows systems to stop, start, and delete a collector. Additionally, on Windows, the installer wizard features an option to repair your Windows collector installation.

Incident Management Collector operations for Linux and Mac systems

On Linux and Mac systems, the default home directory for the Incident Management Collector is ~/collector/. All collector binaries, logs, and related files are installed under this directory. In Linux, root users can find the collector directory under /opt/collector.

To install in a different directory, specify the target in a $COLLECTOR_HOME environment variable on the collector host.

Note

After you install the Incident Management Collector, you are asked to set the COLLECTOR_HOME environment variable. If you have not done so, run the following:

Root user: COLLECTOR_HOME=/opt/collector

Non-root user: COLLECTOR_HOME=/home/<user>/collector

Stop, start, or reload the Incident Management Collector as a non-root user

To stop, start, or restart the Incident Management Collector, log in on the collector host and run the provided scripts. You must log in as a non-root user to run these scripts.

Stop the collector

To stop the Incident Management Collector, open a CLI and enter:

$COLLECTOR_HOME/scripts/stop.sh

Important

Running the stop.sh script will send a SIGTERM signal to the Incident Management Collector. However, the collector by default will not terminate immediately after it receives a SIGTERM signal. Instead, the collector will do the following:

  • Shut down its sources, preventing itself from taking in more data.

  • Attempt to drain its sinks of any remaining data that has not been forwarded yet to Incident Management.

  • Start a timer for one minute.

The collector will only fully terminate once all the sources and sinks have successfully shut down, or if one minute has elapsed.

Start the collector

To start the Incident Management Collector, open a CLI on the collector host and enter:

$COLLECTOR_HOME/scripts/start.sh

Reload the collector

To reload the APEX AIOps Incident Management Collector, open a CLI on the collector host and enter:

$COLLECTOR_HOME/scripts/reload.sh

Stop, start, or restart the Incident Management Collector as root user

To stop, start, or restart the Incident Management Collector as a root user, use the systemctl commands. The systemctl commands work only with root user access.

Stop the collector

To stop the Incident Management Collector, open a CLI, login as root on the collector host, and enter:

systemctl stop collector

Start the collector

To start the Incident Management Collector, open a CLI, login as root on the collector host, and enter:

systemctl start collector

Restart the collector

If you have a running Incident Management Collector and want to restart it, open a CLI, log in as root on the collector host, and enter:

systemctl restart collector

Delete an Incident Management Collector

To delete an Incident Management Collector from the host, stop the collector, and then remove the /home/<user>/collector directory for non-root users or the /opt/collector directory for root users.

Note

It is a good practice to also delete the moog_header.txt file from the /tmp directory for root and non-root installations.

Incident Management Collector operations for Windows

On Windows systems, the default home directory for the Incident Management Collector is C:\Program Files\Moogsoft\. All collector binaries, logs, and related files are installed under this directory.

Stop, start or remove the collector

To stop, start, or restart the Incident Management Collector, login on the collector host and run the provided scripts.

Stop the collector

sc.exe stop vector

Start or restart the collector

To restart the Incident Management Collector, open a CLI on the collector host and enter:

sc.exe start vector

Remove the collector

To remove an Incident Management Collector from the host:

  1. Run the Incident Management Collector Setup Wizard.

  2. In the Change, repair, or remove installation, click Remove, to gracefully remove all parts of the Windows Collector and its files.

You can also uninstall the collector by opening a CLI and running the following command:

msiexec /x "name of msi"

If you need to kill your existing collector to remove it, you can run:

sc.exe queryex vector

...followed by:

taskkill /pid <pid from previous command here> -f

Repair the collector installation

The Incident Management Collector Setup Wizard for Windows contains an option that lets you repair errors in your installation. To repair your installation:

  1. Run the Incident Management Collector Setup Wizard.

  2. In the Change, repair, or remove installation, click Repair.

Incident Management Collector logs

To check your Incident Management Collector operations, you can view collector logs in the Incident Management UI at Integrations > Ingestion Services > Collectors > specific collector > Collector Logs.

For Linux and Mac systems, logs are also available on an installed collector agent as well as in the logs directory.

In this section: