Could not find the forwarder details in the Splunk Web Splunk App for Unix?

ariel123
Engager

Hi,
I have 2 Nix servers set up as below. I can't seem to find any of the Nix#2 data, such as CPU and other system info, in Splunk Web's Splunk App for Unix. All I can see is the information for Nix#1. Splunk Web is hosted on Nix#1.

I'm sure Nix#2 is connected to Nix#1, as I could see an established connection via netstat -an | grep 9997 when run on Nix#1, and the splunkd.log on Nix#2 shows that it is connected to idx=:9997

Nix#1
-Splunk enterprise (7.0.1)
-Splunk App for Unix
-Splunk Add-on for Unix and Linux
-Setup receiver (port 9997) via command line

Nix#2
-Splunk forwarder (7.0.1)
-Splunk Add-on for Unix and Linux
-Setup to send data to Nix#1 via splunk add forward-server :9997

Any idea?

Thanks.

0 Karma

harsmarvania57
SplunkTrust

Hi @ariel123,

Please follow the steps below to configure this properly.

1.) splunk add forward-server :9997 is not correct; you need to execute the command $SPLUNK_HOME/bin/splunk add forward-server <NIX 1 FQDN or IP>:9997 on Nix#2.
2.) When you install the Splunk Add-on for Unix and Linux on Nix#2, you need to enable the different monitoring inputs. You can copy $SPLUNK_HOME/etc/apps/Splunk_TA_nix/default/inputs.conf to $SPLUNK_HOME/etc/apps/Splunk_TA_nix/local/inputs.conf (if the local directory is not present in Splunk_TA_nix, please create it).
3.) Enable monitoring based on your requirements on Nix#2 in $SPLUNK_HOME/etc/apps/Splunk_TA_nix/local/inputs.conf by changing disabled=1 to disabled=0.
4.) Restart splunkforwarder on Nix#2.
5.) Check on Nix#1 using the Splunk query index=os host=Nix#1. If you get output after executing this query, then you can play with the Splunk App for Unix.

I hope this helps.

Thanks,
Harshil

0 Karma
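
Steps 2 and 3 of the answer above, as an added shell example that is not part of the original posts and not Splunk's own tooling. The function names are hypothetical, the sample inputs.conf is constructed, and the script assumes scripted-input stanzas of the form `[script://./bin/<name>]`.

```shell
#!/bin/sh
# make_sample_app <dir>: write a constructed default/inputs.conf for offline testing.
make_sample_app() {
    mkdir -p "$1/default"
    cat > "$1/default/inputs.conf" <<'EOF'
[script://./bin/cpu.sh]
sourcetype = cpu
index = os
disabled = 1

[script://./bin/df.sh]
sourcetype = df
index = os
disabled = 1
EOF
}

# enable_nix_inputs <app_dir> <script_name>...
# Copies default/inputs.conf to local/ (step 2) and sets disabled = 0 only in
# the stanzas whose script name was requested (step 3). default/ is never edited.
enable_nix_inputs() {
    app_dir=$1; shift
    default_conf="$app_dir/default/inputs.conf"
    local_conf="$app_dir/local/inputs.conf"
    [ -f "$default_conf" ] || { echo "missing $default_conf" >&2; return 1; }
    mkdir -p "$app_dir/local"
    [ -f "$local_conf" ] || cp "$default_conf" "$local_conf"
    tmp="$local_conf.tmp.$$"
    awk -v wanted="$*" '
        BEGIN { n = split(wanted, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        # On each stanza header, reduce "[script://./bin/cpu.sh]" to "cpu.sh".
        /^\[/ { name = $0; sub(/^.*\//, "", name); sub(/\].*$/, "", name)
                active = (name in want) }
        active && /^[ \t]*disabled[ \t]*=/ { print "disabled = 0"; next }
        { print }
    ' "$local_conf" > "$tmp" && mv "$tmp" "$local_conf"
}

# list_enabled <inputs.conf>: print the header of every stanza that is enabled.
list_enabled() {
    awk '/^\[/ { stanza = $0 }
         /^[ \t]*disabled[ \t]*=[ \t]*(0|false)[ \t]*$/ { print stanza }' "$1"
}

# Usage: sh enable_inputs.sh "$SPLUNK_HOME/etc/apps/Splunk_TA_nix" cpu.sh df.sh
if [ "$#" -ge 2 ]; then
    enable_nix_inputs "$@" && list_enabled "$1/local/inputs.conf"
fi
```

Restart the forwarder afterwards (step 4) so the changed inputs are picked up.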

ariel123
Engager

Hi Harshil,
Thanks. The issue was that cpu.sh wasn't displaying info on Ubuntu. It works on Red Hat though, so I'll use the forwarder on Red Hat for now.
Cheers.

0 Karma