All Apps and Add-ons

How do I add hosts to the drop-down list in the set up of the Splunk App for Unix and Linux?

Explorer

I see on the GUI of the Splunk App for Unix and Linux -- Splunk Add-on for Unix and Linux: Setup that has radio buttons for enable and disable of File and Directory Inputs: and "Scripted Inputs" and a "Save button" at the bottom. I do not see a GUI that looks like the one in the documentation. which mentions "categories" as shown here:
http://docs.splunk.com/Documentation/UnixApp/5.0.1/User/First-timeconfiguration#Settings:_Categories

Where do I add hosts to the drop-down in the setup of this application? I have the localhost working just fine and I have data from the remote host, I just don't see the remote host listed on the application drop-down.

Thank You

0 Karma
1 Solution

Explorer

Well again, I answered my own question. It appears the issue was the "add-on" had correctly installed and the "App" had not. Reinstalling the App after deleting it solved the issue. I do believe the fact the App and the Add-On are both called "*nix" is very confusing.

View solution in original post

Splunk Employee
Splunk Employee

Okay, so the fact that you have the data at the indexer is a good sign; it means that the forwarding is working.

The app sees hosts that have data indexed in the os index on the indexer. This is how it shows those hosts in the "Settings/Categories" setup screen.

  • Does the following search on the indexer return any results: index=os host= ?
  • Did you install all three components ( splunk_app_for_nix , Splunk_TA_Nix, and SA-nix ) on the indexer?
  • Did you run the first-time setup? (It appears when you load the app initially.)

Let's start there and go further if this doesn't help.

Explorer

Well again, I answered my own question. It appears the issue was the "add-on" had correctly installed and the "App" had not. Reinstalling the App after deleting it solved the issue. I do believe the fact the App and the Add-On are both called "*nix" is very confusing.

View solution in original post

Community Manager
Community Manager

Hi @dougcabell

I'm editing your post, but I needed clarification on what you're referring to. You use "application" and "add-on", but these are two different things.
Splunk App for Unix and Linux:
https://apps.splunk.com/app/273/
Splunk Add-on for Unix and Linux:
https://apps.splunk.com/app/833/

Are you seeing this set up screen in the Splunk App for Unix and Linux?

0 Karma

Explorer

Hmm, sorry in the age of applets on phones-I was using app and add-on interchangeably
I will rephrase I have the add-on on the remote box (universal forwarder) and I have the application on the "Enterprise Server" and I am trying to get the application on the Enterprise Server to see the remote box (universal forwarder) on the drop down, at the moment it only sees itself which works

0 Karma

Community Manager
Community Manager

No problem @dougcabell it can be a bit confusing. I just edited your post to clear things up and also tagged it with the official tags for the Splunk App and Splunk Add-on for Unix and Linux, so that should help with this question getting visibility and you finding an answer.

Cheers!

Patrick

0 Karma

Explorer

Well obviously everyone is stumped like I am for adding a host to the drop down in the App for Unix and Linux. It is very confusing and not well documented. I will keep digging and if I find (big IF) a solution I will post it here.

Doug

0 Karma