Solved: Re: How to troubleshoot why the Splunk App for Uni...

sidhantbhayana · ‎07-07-2016

Hi All,

I have the Splunk App for Unix and Linux installed and configured as mentioned in the docs, but could not receive or index data. Any help is appreciated.

Thanks,
SB

sidhantbhayana · ‎07-26-2016

Issue is resolved now, had to create a new index on indexer, all other configurations worked well. Thanks a lot for all your inputs guys.

View solution in original post

sidhantbhayana · ‎07-26-2016

Issue is resolved now, had to create a new index on indexer, all other configurations worked well. Thanks a lot for all your inputs guys.

ryanoconnor · ‎07-08-2016

Can you explain your setup a little bit? Did you install this app on a Universal Forwarder and are trying to send data to Splunk Enterprise?

Can you post your local inputs.conf file so we can see what you are collecting?

Are you recieving any data from the host that the Splunk app for *nix is installed on? You can verify this by looking for that host in the _internal index

sjalexander · ‎07-08-2016

@ryanoconnor is on point with his request re: the inputs.conf - note that everything in there is disabled by default.

sjalexander · ‎07-08-2016

Hard to say anything about this without more detail - but you might be able to find your problem in the splunk log on the forwarder. have a look at the logs in /opt/splunkforwarder/var/log/splunk/ for relevant information about what the forwarder is doing/not doing. Most relevant is probably splunkd-utility.log, and possibly splunkd.log, in that directory.

How to troubleshoot why the Splunk App for Unix and Linux shows hosts and groups, but is not showing any data?

Splunk Custom Visualizations App End of Life

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk