All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How can I get the scripts that are found within the Splunk Add-on for Linux and UNIX to generate and send us the information?

Jarohnimo
Builder
‎02-20-2018 12:50 PM

Hey Guys,

So I'm looking into an issue; getting the scripts that are found within the Splunk Add-on for Linux and UNIX to generate and send us the information. Currently only the monitored inputs are working correctly, sending its data parsed as expected. (https://docs.splunk.com/Documentation/UnixAddOn/5.2.4/User/InstalltheSplunkAdd-onforUnixandLinux). We are using the Deployment server to distribute the Splunk_TA_nix application to the linux nodes.

Our Setup: Server 2012 R2 (Indexer/Deployment Server) sending the Splunk_TA_nix to the Red hat Linux servers, all the monitored inputs are working to send its data back and can view the source types parsed and working as expected, none of the scripts are working. Anything that looks like: [script://./bin/my_script.sh] doesn't work, Do you know why?

In my research I've found people who seem to have similar issues:
https://answers.splunk.com/answers/60060/how-to-set-automatically-executable-attribute-of-file-in-sp...
https://answers.splunk.com/answers/45408/splunk-not-showing-linux-logs.html - Permission issue was resolved in Kristian kolb's reply.
https://answers.splunk.com/answers/102439/app-for-linux-on-windows-indexer.html - Others who are confused on how to use this app when hosted on a windows box.
https://answers.splunk.com/answers/237809/why-am-i-getting-this-error-trying-to-configure-th.html

0 Karma
Reply

bcyates
Communicator
‎09-21-2018 07:45 AM

You can troubleshoot why your scripts are not working, but it is more than likely a permissions issue if you enabled inputs in your inputs.conf and you still do not see your data. You can do this:

  • Navigate to $SPLUNK_HOME/etc/apps/Splunk_TA_nix/bin.

  • Run sh --debug to run the script in debug mode.

  • The debug output is saved in debug----. This file contains the command that was executed, and its output or the failure reason. Use this information to resolve the missing data issue.

Also, for what it is worth, it is NOT recommended to run a Deployment Server and an Indexer on the same server. Especially a Windows box.

0 Karma
Reply

SuryaNittala
New Member
‎03-20-2018 12:02 PM

By default the scripted inputs are disabled (disabled = 1). Enable the inputs that you want the add-on to monitor by setting the disabled attribute for each input stanza to 0. Be sure to do this editing under local/inputs.conf

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...