All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Could not find the forwarder details in the Splunk Web Splunk App for Unix ?

ariel123
Engager
‎12-06-2017 06:14 PM

Hi,
I have 2 Nix servers setup as below. I can't seem to find any of the Nix#2 data such as cpu and other system info from the splunk web's Splunk App for Unix App. All I can see is the information of the Nix#1. Splunk web is hosted in Nix#1.

I'm sure the Nix#2 is connected to Nix#1 as I could see an established connection via netstat -an | grep 9997 when run in the Nix#1 and the splunkd.log in Nix#2 shows that it is connected to idx=:9997

Nix#1
-Splunk enterprise (7.0.1)
-Splunk App for Unix
-Splunk Add-on for Unix and Linux
-Setup receiver (port 9997) via command line

Nix#2
-Splunk forwarder (7.0.1)
-Splunk Add-on for Unix and Linux
-Setup to send data to Nix#1 via splunk add forward-server :9997

Any idea?

Thanks.

0 Karma
Reply

harsmarvania57
Ultra Champion
‎12-07-2017 05:55 AM

Hi @ariel123,

Please follow below steps to configure this properly.

1.) splunk add forward-server :9997 is not correct, you need to execute command $SPLUNK_HOME/bin/splunk add forward-server <NIX 1 FQDN or IP>:9997 on Nix#2
2.) When you install Splunk Add-on for Unix and Linux on Nix#2 you need to enable different monitoring, you can copy $SPLUNK_HOME/etc/apps/Splunk_TA_nix/default/inputs.conf to $SPLUNK_HOME/etc/apps/Splunk_TA_nix/local/inputs.conf (If local directory is not present in Splunk_TA_nix please create it.
3.) Enable monitoring based on your requirements on Nix#2 in $SPLUNK_HOME/etc/apps/Splunk_TA_nix/local/inputs.conf from changing disabled=1 to disabled=0
4.) Restart splunkforwarder on #Nix2
5.) Check in Nix#1 using splunk query index=os host=Nix#1, after executing this query if are will get output then you can play with Splunk App for Unix.

I hope this helps.

Thanks,
Harshil

0 Karma
Reply

ariel123
Engager
‎12-13-2017 05:45 PM

Hi Harshil,
Thanks. The issue was that cpu.sh wasn't displaying info in ubuntu. It works on redhat though so I'll use the forwarder on redhat for now.
Cheers.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...