I see on the GUI of the Splunk App for Unix and Linux -- Splunk Add-on for Unix and Linux: Setup that has radio buttons for enable and disable of File and Directory Inputs: and "Scripted Inputs" and a "Save button" at the bottom. I do not see a GUI that looks like the one in the documentation. which mentions "categories" as shown here:
http://docs.splunk.com/Documentation/UnixApp/5.0.1/User/First-timeconfiguration#Settings:_Categories
Where do I add hosts to the drop-down in the setup of this application? I have the localhost working just fine and I have data from the remote host, I just don't see the remote host listed on the application drop-down.
Thank You
Well again, I answered my own question. It appears the issue was the "add-on" had correctly installed and the "App" had not. Reinstalling the App after deleting it solved the issue. I do believe the fact the App and the Add-On are both called "*nix" is very confusing.
Okay, so the fact that you have the data at the indexer is a good sign; it means that the forwarding is working.
The app sees hosts that have data indexed in the os
index on the indexer. This is how it shows those hosts in the "Settings/Categories" setup screen.
index=os host=
?splunk_app_for_nix
, Splunk_TA_Nix
, and SA-nix
) on the indexer?Let's start there and go further if this doesn't help.
Well again, I answered my own question. It appears the issue was the "add-on" had correctly installed and the "App" had not. Reinstalling the App after deleting it solved the issue. I do believe the fact the App and the Add-On are both called "*nix" is very confusing.
Hi @dougcabell
I'm editing your post, but I needed clarification on what you're referring to. You use "application" and "add-on", but these are two different things.
Splunk App for Unix and Linux:
https://apps.splunk.com/app/273/
Splunk Add-on for Unix and Linux:
https://apps.splunk.com/app/833/
Are you seeing this set up screen in the Splunk App for Unix and Linux?
Hmm, sorry in the age of applets on phones-I was using app and add-on interchangeably
I will rephrase I have the add-on on the remote box (universal forwarder) and I have the application on the "Enterprise Server" and I am trying to get the application on the Enterprise Server to see the remote box (universal forwarder) on the drop down, at the moment it only sees itself which works
No problem @dougcabell it can be a bit confusing. I just edited your post to clear things up and also tagged it with the official tags for the Splunk App and Splunk Add-on for Unix and Linux, so that should help with this question getting visibility and you finding an answer.
Cheers!
Patrick
Well obviously everyone is stumped like I am for adding a host to the drop down in the App for Unix and Linux. It is very confusing and not well documented. I will keep digging and if I find (big IF) a solution I will post it here.
Doug