Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: How to troubleshoot why the Splunk App for Uni...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi All,
I have the Splunk App for Unix and Linux installed and configured as mentioned in the docs, but could not receive or index data. Any help is appreciated.
Thanks,
SB
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Issue is resolved now, had to create a new index on indexer, all other configurations worked well. Thanks a lot for all your inputs guys.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Issue is resolved now, had to create a new index on indexer, all other configurations worked well. Thanks a lot for all your inputs guys.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you explain your setup a little bit? Did you install this app on a Universal Forwarder and are trying to send data to Splunk Enterprise?
Can you post your local inputs.conf file so we can see what you are collecting?
Are you recieving any data from the host that the Splunk app for *nix is installed on? You can verify this by looking for that host in the _internal index
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@ryanoconnor is on point with his request re: the inputs.conf - note that everything in there is disabled by default.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hard to say anything about this without more detail - but you might be able to find your problem in the splunk log on the forwarder. have a look at the logs in /opt/splunkforwarder/var/log/splunk/ for relevant information about what the forwarder is doing/not doing. Most relevant is probably splunkd-utility.log, and possibly splunkd.log, in that directory.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
[Puzzles] Solve, Learn, Repeat: Matching cron expressions
Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass
May 2026 Splunk Expert Sessions: Security & Observability
