Solved: How do I add hosts to the drop-down list in the se...

dougcabell · ‎03-03-2015

I see on the GUI of the Splunk App for Unix and Linux -- Splunk Add-on for Unix and Linux: Setup that has radio buttons for enable and disable of File and Directory Inputs: and "Scripted Inputs" and a "Save button" at the bottom. I do not see a GUI that looks like the one in the documentation. which mentions "categories" as shown here:
http://docs.splunk.com/Documentation/UnixApp/5.0.1/User/First-timeconfiguration#Settings:_Categories

Where do I add hosts to the drop-down in the setup of this application? I have the localhost working just fine and I have data from the remote host, I just don't see the remote host listed on the application drop-down.

Thank You

dougcabell · ‎03-06-2015

Well again, I answered my own question. It appears the issue was the "add-on" had correctly installed and the "App" had not. Reinstalling the App after deleting it solved the issue. I do believe the fact the App and the Add-On are both called "*nix" is very confusing.

View solution in original post

malmoore · ‎03-06-2015

Okay, so the fact that you have the data at the indexer is a good sign; it means that the forwarding is working.

The app sees hosts that have data indexed in the os index on the indexer. This is how it shows those hosts in the "Settings/Categories" setup screen.

Does the following search on the indexer return any results: index=os host= ?
Did you install all three components ( splunk_app_for_nix , Splunk_TA_Nix, and SA-nix ) on the indexer?
Did you run the first-time setup? (It appears when you load the app initially.)

Let's start there and go further if this doesn't help.

dougcabell · ‎03-06-2015

Well again, I answered my own question. It appears the issue was the "add-on" had correctly installed and the "App" had not. Reinstalling the App after deleting it solved the issue. I do believe the fact the App and the Add-On are both called "*nix" is very confusing.

ppablo · ‎03-03-2015

Hi @dougcabell

I'm editing your post, but I needed clarification on what you're referring to. You use "application" and "add-on", but these are two different things.
Splunk App for Unix and Linux:
https://apps.splunk.com/app/273/
Splunk Add-on for Unix and Linux:
https://apps.splunk.com/app/833/

Are you seeing this set up screen in the Splunk App for Unix and Linux?

dougcabell · ‎03-03-2015

Hmm, sorry in the age of applets on phones-I was using app and add-on interchangeably
I will rephrase I have the add-on on the remote box (universal forwarder) and I have the application on the "Enterprise Server" and I am trying to get the application on the Enterprise Server to see the remote box (universal forwarder) on the drop down, at the moment it only sees itself which works

ppablo · ‎03-04-2015

No problem @dougcabell it can be a bit confusing. I just edited your post to clear things up and also tagged it with the official tags for the Splunk App and Splunk Add-on for Unix and Linux, so that should help with this question getting visibility and you finding an answer.

Cheers!

Patrick

dougcabell · ‎03-06-2015

Well obviously everyone is stumped like I am for adding a host to the drop down in the App for Unix and Linux. It is very confusing and not well documented. I will keep digging and if I find (big IF) a solution I will post it here.

Doug

How do I add hosts to the drop-down list in the set up of the Splunk App for Unix and Linux?

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM