The document that provides instructions on how to install Splunk TA for Unix on a Universal Forwarder is for a .tar.gz file. However, the version I downloaded from Splunk Apps is a .tgz file. When I open this file, the README does not contain installation instructions. How do I install the file named SplunkTAnix-4.7.0-156739.tgz on a RHEL Universal Forwarder?
Thanks. Those are the instructions I have but I did not realize (or try) that it would work the same (substituting the file extension).
Here's a slightly longer answer with pictures. Just wrote this up for a Splunk Cloud customer, thought I'd share with you guys:
If you haven’t set up a forwarder and a TA before, it’s a bit tricky.
The tricky part is: after you install the forwarder and the TA, you still need to enable the inputs, so you can run this script:
$SPLUNK_HOME/bin/splunk cmd $SPLUNK_HOME/etc/apps/Splunk_TA_nix/bin/setup.sh
You log in using the default creds; assuming you haven’t changed them, it’s admin / changeme
And that gives you a menu:
*** Splunk> *nix command-line setup > MAIN MENU ***
You are currently managing Splunk server 'localhost.localdomain'
Please choose from one of the following options:
1 - show *nix input status
2 - manage *nix inputs
3 - install/upgrade app
4 - change credentials
5 - connect to remote instance
0 - logout and exit program
Enter selection:
Select 2, and then you can just enable all, or whatever you want really.
*** Splunk> *nix command-line setup > MANAGE INPUTS ***
You are currently managing Splunk server 'localhost.localdomain'
Please choose from one of the following options:
1 - manage one input
2 - enable all inputs
3 - disable all inputs
4 - go back to main menu
0 - logout and exit program
Enter selection:
To start, probably choose #2, then we can tune it back later.
Then, after you ‘0’ you can return to your trial and hit up the app. You’ll see data now:
setup.sh did not run on my Ubuntu 16.04 server. Issue with function definition for /bin/sh.
I had to change the first line from #!/bin/sh to #!/bin/bash
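The /bin/sh failure in the last comment is typical of scripts that use the bash-only "function name" keyword: on Ubuntu, /bin/sh is dash, which rejects that syntax. As an added example (not from the thread or from Splunk), this check flags scripts that declare #!/bin/sh but define functions that way; that setup.sh failed for exactly this reason is an assumption, and the sample files are constructed.

```shell
#!/bin/sh
# Flag scripts that declare #!/bin/sh but use the bash/ksh-only
# "function name" keyword, which dash (Ubuntu's /bin/sh) rejects.

# Prints "sh", "bash" or "other" for the interpreter named on line 1.
shebang_kind() {
    first=$(head -n 1 "$1")
    case "$first" in
        '#!'*bash*) echo bash ;;
        '#!'*/sh|'#!'*/sh\ *|'#!'*'env sh') echo sh ;;
        *) echo other ;;
    esac
}

# Prints the line numbers of "function name" style definitions.
bash_function_lines() {
    awk '/^[ \t]*function[ \t]+[A-Za-z_]/ { print NR }' "$1"
}

# Returns 0 when the script claims POSIX sh but needs bash.
needs_bash_shebang() {
    [ "$(shebang_kind "$1")" = sh ] && [ -n "$(bash_function_lines "$1")" ]
}

# Constructed samples (not the real setup.sh).
demo_dir=$(mktemp -d)
printf '%s\n' '#!/bin/sh' 'function show_menu {' '  echo menu' '}' \
    > "$demo_dir/sample_sh.sh"       # sh shebang, bash-style function
printf '%s\n' '#!/bin/bash' 'function show_menu {' '  echo menu' '}' \
    > "$demo_dir/sample_bash.sh"     # bash shebang, fine as written
printf '%s\n' '#!/bin/sh' 'show_menu() {' '  echo menu' '}' \
    > "$demo_dir/sample_posix.sh"    # portable definition, fine under dash

for f in "$demo_dir"/*.sh; do
    if needs_bash_shebang "$f"; then
        echo "$(basename "$f"): needs bash, see line $(bash_function_lines "$f")"
    else
        echo "$(basename "$f"): ok"
    fi
done
```

Editing a vendor script's shebang, as the commenter did, is likely to be undone by an app upgrade, so rerun the check afterwards.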