All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

App for linux scripts not showing data

aramp
Explorer
‎05-25-2017 02:56 PM

Hello there

I have this issue in the "Splunk app for unix/linux" I cannot see data under the web interface for host, memory, cpu..

got this error:

(Web view)
Specification
CPU: unknown - is cpu.sh enabled?
RAM: unknown - is vmstat.sh enabled?
Disk: unknown - is df.sh enabled?
Capacity: unknown - is df.sh enabled?

but when I go to setting page for configuring in the preview mode I'm able to see data..

** I already run scripts directly at server(forwarder) and works well (with splunk forwarder user)
** When I tried to search info (cpu for example) in the "search tab" I'm able to see the info..
**The sysstat package is already installed .
**I verify the index=OS is in default view

Thanks for your help

Reply

sloshburch
Ultra Champion
‎01-03-2019 02:52 PM

Check out what's on Troubleshoot the Splunk App for Unix and Linux. The part on dropdowns.csv might be effective here.

0 Karma
Reply

pappjr
Path Finder
‎06-01-2017 06:30 PM

The dashboards use macros and form tokens. The form tokens are populated from the dropdowns which I believe are populated by a lookup generating search. Are your dropdowns populated on the home dashboard?

Reply

tobais
Engager
‎08-30-2017 12:31 PM

Same issue and yes the drop downs populate with Group = Default (there are about 50 servers showing up in that group under settings>category)...it just spins "Searching for data" and nothing loads. When I enabled the .sh scripts the first time, got a blurb of data for about 20 minutes, then nothing. Data is loaded into index, sourcetypes, everything...just the app dashboards are dead.

0 Karma
Reply

jpapp
New Member
‎09-14-2017 07:40 PM

@tobias - are you accessing these dashboards as a user with the "admin" role? This will help rule out any potential permissions issues.

0 Karma
Reply

adonio
Ultra Champion
‎05-26-2017 09:38 AM

try and search index=os and verify the data is there first

0 Karma
Reply

aramp
Explorer
‎05-26-2017 11:12 AM

yep data Is already display in search mode..

0 Karma
Reply

adonio
Ultra Champion
‎05-26-2017 11:53 AM

is it a single splunk instance?

0 Karma
Reply

aramp
Explorer
‎06-01-2017 09:27 AM

I have one server configured as indexer with the app for linux installed:
This server is receiving the forwarder info.

And other server as heavy forwarder with the add on installed, I have no distributed environments yet.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...