In our infrastructure, we have our Splunk indexer running on a Windows machine. We are already collecting performance metrics from remote Windows machines, but we also want to collect the system, CPU and memory counters of a Linux machine on the same indexer.
How can I achieve that?
(I have installed the Splunk App for Unix and Linux on my local system and am running Linux on VMware, but I don't see any options in this app which can enable me to connect to the Linux system.)
The indexer doesn't connect to the remote Linux system to collect the data; there's no WMI or similar.
Instead, you install a Splunk Universal Forwarder along with the Linux add-on linked above on the remote machine and the Linux app on your indexer. The forwarder collects the data locally and sends it to your indexer to be searched and displayed there.
Can you please elaborate a bit more? By forwarder, do you mean a universal forwarder or a Splunk indexer which would work as a forwarder from the Linux machine?
Install the forwarder on your Linux machine and also install the add-on (link given) on the Linux machine. You need to enable the scripts in this add-on if they are disabled (check the disabled option in inputs.conf in the add-on) and configure the forwarder to send data to the indexer; these scripts fetch performance metrics and send the data to the indexer.
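As an added example (not part of the original posts), these are the two forwarder-side files the answers above describe: one enabling the add-on's collection scripts and one pointing the forwarder at the indexer. It assumes the add-on is the Splunk Add-on for Unix and Linux installed under the directory name `Splunk_TA_nix`; the host `indexer.example.com`, the group name `windows_indexer` and the receiving port 9997 are placeholders.

```ini
# File 1, on the Linux machine:
#   $SPLUNK_HOME/etc/apps/Splunk_TA_nix/local/inputs.conf
# Override only the "disabled" flag here and leave the add-on's
# default/inputs.conf untouched, so an add-on upgrade does not revert it.

# CPU counters
[script://./bin/cpu.sh]
disabled = 0

# Memory and general system counters
[script://./bin/vmstat.sh]
disabled = 0

# File 2, on the Linux machine:
#   $SPLUNK_HOME/etc/system/local/outputs.conf
# Tells the Universal Forwarder where to send what the scripts collect.

[tcpout]
# Group name is a placeholder chosen for this example.
defaultGroup = windows_indexer

[tcpout:windows_indexer]
# Placeholder host; 9997 is an assumed port on which the indexer
# must already be configured to receive forwarded data.
server = indexer.example.com:9997
```

Restart the forwarder after editing either file so the new settings are read.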