Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: App for linux scripts not showing data
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
App for linux scripts not showing data
Hello there
I have this issue in the "Splunk app for unix/linux" I cannot see data under the web interface for host, memory, cpu..
got this error:
(Web view)
Specification
CPU: unknown - is cpu.sh enabled?
RAM: unknown - is vmstat.sh enabled?
Disk: unknown - is df.sh enabled?
Capacity: unknown - is df.sh enabled?
but when I go to setting page for configuring in the preview mode I'm able to see data..
** I already run scripts directly at server(forwarder) and works well (with splunk forwarder user)
** When I tried to search info (cpu for example) in the "search tab" I'm able to see the info..
**The sysstat package is already installed .
**I verify the index=OS is in default view
Thanks for your help
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Check out what's on Troubleshoot the Splunk App for Unix and Linux. The part on dropdowns.csv might be effective here.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The dashboards use macros and form tokens. The form tokens are populated from the dropdowns which I believe are populated by a lookup generating search. Are your dropdowns populated on the home dashboard?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Same issue and yes the drop downs populate with Group = Default (there are about 50 servers showing up in that group under settings>category)...it just spins "Searching for data" and nothing loads. When I enabled the .sh scripts the first time, got a blurb of data for about 20 minutes, then nothing. Data is loaded into index, sourcetypes, everything...just the app dashboards are dead.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@tobias - are you accessing these dashboards as a user with the "admin" role? This will help rule out any potential permissions issues.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
try and search index=os and verify the data is there first
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yep data Is already display in search mode..
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
is it a single splunk instance?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have one server configured as indexer with the app for linux installed:
This server is receiving the forwarder info.
And other server as heavy forwarder with the add on installed, I have no distributed environments yet.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Splunk Community Badges!
How to find the worst searches in your Splunk environment and how to fix them
Share Your Feedback: On Admin Config Service (ACS)!
