All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How can I get the scripts that are found within the Splunk Add-on for Linux and UNIX to generate and send us the information?

Jarohnimo
Builder
‎02-20-2018 12:50 PM

Hey Guys,

So I'm looking into an issue; getting the scripts that are found within the Splunk Add-on for Linux and UNIX to generate and send us the information. Currently only the monitored inputs are working correctly, sending its data parsed as expected. (https://docs.splunk.com/Documentation/UnixAddOn/5.2.4/User/InstalltheSplunkAdd-onforUnixandLinux). We are using the Deployment server to distribute the Splunk_TA_nix application to the linux nodes.

Our Setup: Server 2012 R2 (Indexer/Deployment Server) sending the Splunk_TA_nix to the Red hat Linux servers, all the monitored inputs are working to send its data back and can view the source types parsed and working as expected, none of the scripts are working. Anything that looks like: [script://./bin/my_script.sh] doesn't work, Do you know why?

In my research I've found people who seem to have similar issues:
https://answers.splunk.com/answers/60060/how-to-set-automatically-executable-attribute-of-file-in-sp...
https://answers.splunk.com/answers/45408/splunk-not-showing-linux-logs.html - Permission issue was resolved in Kristian kolb's reply.
https://answers.splunk.com/answers/102439/app-for-linux-on-windows-indexer.html - Others who are confused on how to use this app when hosted on a windows box.
https://answers.splunk.com/answers/237809/why-am-i-getting-this-error-trying-to-configure-th.html

0 Karma
Reply

bcyates
Communicator
‎09-21-2018 07:45 AM

You can troubleshoot why your scripts are not working, but it is more than likely a permissions issue if you enabled inputs in your inputs.conf and you still do not see your data. You can do this:

  • Navigate to $SPLUNK_HOME/etc/apps/Splunk_TA_nix/bin.

  • Run sh --debug to run the script in debug mode.

  • The debug output is saved in debug----. This file contains the command that was executed, and its output or the failure reason. Use this information to resolve the missing data issue.

Also, for what it is worth, it is NOT recommended to run a Deployment Server and an Indexer on the same server. Especially a Windows box.

0 Karma
Reply

SuryaNittala
New Member
‎03-20-2018 12:02 PM

By default the scripted inputs are disabled (disabled = 1). Enable the inputs that you want the add-on to monitor by setting the disabled attribute for each input stanza to 0. Be sure to do this editing under local/inputs.conf

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...