All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How can I get the scripts that are found within the Splunk Add-on for Linux and UNIX to generate and send us the information?

Jarohnimo
Builder
‎02-20-2018 12:50 PM

Hey Guys,

So I'm looking into an issue; getting the scripts that are found within the Splunk Add-on for Linux and UNIX to generate and send us the information. Currently only the monitored inputs are working correctly, sending its data parsed as expected. (https://docs.splunk.com/Documentation/UnixAddOn/5.2.4/User/InstalltheSplunkAdd-onforUnixandLinux). We are using the Deployment server to distribute the Splunk_TA_nix application to the linux nodes.

Our Setup: Server 2012 R2 (Indexer/Deployment Server) sending the Splunk_TA_nix to the Red hat Linux servers, all the monitored inputs are working to send its data back and can view the source types parsed and working as expected, none of the scripts are working. Anything that looks like: [script://./bin/my_script.sh] doesn't work, Do you know why?

In my research I've found people who seem to have similar issues:
https://answers.splunk.com/answers/60060/how-to-set-automatically-executable-attribute-of-file-in-sp...
https://answers.splunk.com/answers/45408/splunk-not-showing-linux-logs.html - Permission issue was resolved in Kristian kolb's reply.
https://answers.splunk.com/answers/102439/app-for-linux-on-windows-indexer.html - Others who are confused on how to use this app when hosted on a windows box.
https://answers.splunk.com/answers/237809/why-am-i-getting-this-error-trying-to-configure-th.html

0 Karma
Reply

bcyates
Communicator
‎09-21-2018 07:45 AM

You can troubleshoot why your scripts are not working, but it is more than likely a permissions issue if you enabled inputs in your inputs.conf and you still do not see your data. You can do this:

  • Navigate to $SPLUNK_HOME/etc/apps/Splunk_TA_nix/bin.

  • Run sh --debug to run the script in debug mode.

  • The debug output is saved in debug----. This file contains the command that was executed, and its output or the failure reason. Use this information to resolve the missing data issue.

Also, for what it is worth, it is NOT recommended to run a Deployment Server and an Indexer on the same server. Especially a Windows box.

0 Karma
Reply

SuryaNittala
New Member
‎03-20-2018 12:02 PM

By default the scripted inputs are disabled (disabled = 1). Enable the inputs that you want the add-on to monitor by setting the disabled attribute for each input stanza to 0. Be sure to do this editing under local/inputs.conf

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...