All Apps and Add-ons

Configure the Splunk App for Unix and Linux on multiple machines

lalit_mohan
Path Finder

Hi Guys,

Actually I am following http://docs.splunk.com/Documentation/UnixApp/5.0/User/Otherdeploymentconsiderations
for Configuring the Splunk App for Unix and Linux on multiple machines.
I want to monitor multiple linux hosts from Splunk Server dashboard of this Splunk App.I have perform each step successfully given in above mentioned url ,but on Host tab I am getting SplunkServer as the only host but not the SplunkForwarder .

Although on Search tab of this splunk app index=os,showing two hosts (SplunkServer ,SplunkForwarder )

Can you please provide some links/steps on how to solve this problem?

Thank you very much for your help!

1 Solution

lalit_mohan
Path Finder

Thank you so much araitz for your kind support..

My problem has been solved .Actually I missed the host entry in setting panel in ui of this app.When I entered the splunkForwarder detatil ,I am able to populate the data on dashboard.

View solution in original post

lalit_mohan
Path Finder

Thank you so much araitz for your kind support..

My problem has been solved .Actually I missed the host entry in setting panel in ui of this app.When I entered the splunkForwarder detatil ,I am able to populate the data on dashboard.

View solution in original post

araitz
Splunk Employee
Splunk Employee

The way that the hosts view works today is that it only shows hosts that have sent data from vmstat, disk, or top in the past 10 minutes. When you view data from SplunkForwarder in the search view (e.g. index=os host=SplunkForwarder), do you see data from these inputs whithin the past 10 minutes?

0 Karma

lalit_mohan
Path Finder

Yes,I can see SplunkForwarder value in host list of search tab of Splunk Unix App but when I click on hosts tab then I always find only one value i.e SplunkServer in
category and Group fields.

splunk/etc/apps/Splunk_TA_nix/default/app.conf has:
[ui]
is_visible = true

I have verified the above file on both the vm (SplunkServer & splunkForwarder ) ,it is correct.
Is there any configuration or steps missing for showing the splunkForwarder details on hosts tab ?

0 Karma

araitz
Splunk Employee
Splunk Employee

If you go to the search view on SplunkServer and search for 'index=os', do you see any data from SplunkForwarder.

0 Karma

lalit_mohan
Path Finder

Hi Araitz,

Exactly,the same scenario I have setup.But SplunkForwarder details (like hosts, cpu, memory,top, etc) is not coming on dashboard of splunkServer's unix app.

Can you help me out ,what may be the issue behind this.

Thank you very much for your help!

0 Karma

araitz
Splunk Employee
Splunk Employee

I'm not sure I fully understand. Let me know if this is right:

1) You have a search head SplunkServer which you installed the Unix app on.
2) You enabled data inputs on SplunkServer (like cpu, top, etc).
3) You installed the Splunk Add-on for Unix on a forwarder SplunkForwarder.
4) You enabled data inputs on SplunkForwarder (like cpu, top, etc).
5) You are not seeing any data in the unix app on SplunkServer from the forwarder SplunkForwarder.

Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.