How to work with Splunk App for Unix and Linux?

Path Finder

I have installed the 'Splunk App for Unix and Linux' on a non-distributed Splunk environment. How and where can I set the host machine details which I need to monitor and fetch data from?

0 Karma

Splunk Employee

Hi @akarivaratharaj,

Did either the answer or comments below solve your problem? If so, please resolve this post by approving it. If not, keep us updated so that someone else can help solve your problem.

Also, if you're feeling generous, give out an upvote to the user that helped ya. Our users love them upvotes. 🙂

0 Karma

Path Finder

Hi @mstjohn,
My issue is still not solved. I will surely give the upvotes and approve it once I get the right solution for my problem.

0 Karma

Splunk Employee

@akarivaratharaj,

Also, have you checked out our community Slack chat?

If you want to try to get some immediate help for your question, you should join the 5000+ Splunk users in our public Slack Community chat. People ask each other for immediate help on there daily. You can share your question/link to your post there to see if anyone can take a stab at it.

You first have to request access through https://splk.it/slack. Fill out the form, and once you receive the approval email from our Community Manager (usually the approval process may take a couple days), you can access Slack.com and ask for help in the #general channel.

0 Karma

SplunkTrust

Hi @akarivaratharaj,

EDIT: I have requested to update the page to reflect the correct procedure, and now we have an explicit statement about the usage of the add-on for data inputs.

The host configurations are part of inputs.conf and you can enable the inputs as described in http://docs.splunk.com/Documentation/UnixAddOn/5.2.4/User/Enabledataandscriptedinputs

Once you have the data coming in, you could configure the rest of the configurations using https://docs.splunk.com/Documentation/UnixApp/5.2.4/User/First-timeconfiguration

0 Karma

Path Finder

Even in the file inputs.conf, we don't have the options to specify the host details from which we need the data metrics. Only the below are available:

[script://./bin/updatehosts.py]
interval = 0 0 * * *
index=main
sourcetype=unix
apphostsupdate
disabled = 0
passAuth = splunk-system-user

Could anyone please help to configure the required hosts which I need to be monitored?

0 Karma

SplunkTrust

@akarivaratharaj, as mentioned above, the scripted inputs are available in the add-on. Nevertheless, if you want to set the host in the inputs.conf, you could set it in global settings under [default] as host="your host name"

docs.splunk.com/Documentation/Splunk/latest/Admin/Inputsconf

0 Karma

SplunkTrust

@ddrillic, @akarivaratharaj, just FYI, the above pages have been corrected by the Splunk documentation team.

0 Karma

Path Finder

@renjith.nair,

The environment could be distributed or standalone, but the forwarder should be installed on the machine from where we need to fetch the required metrics.

Am I right?

If so, could you please suggest which kind of forwarder I can install over there?

0 Karma

SplunkTrust

@akarivaratharaj, what does your overall architecture look like? If you have machines sending data to a central system (say, indexers), then you need to install the add-ons on all forwarders.

0 Karma

Path Finder

@renjith.nair,

Yes, even I got the same link when I was searching for the method to enable data input for the App for Unix & Linux.

So can we use the same steps of the Add-on to enable the data inputs in the App also?

0 Karma

SplunkTrust

@ddrillic, @akarivaratharaj,
As mentioned in the "Comparison of the Splunk App and Splunk Technology Add-on for Unix and Linux":

During the course of the development of the app, Splunk customers asked us for Unix and Linux knowledge and inputs packaged separately from the Splunk Web user interface components that are present in the full app. This request was often made in order to facilitate use on light or universal forwarders, or when the primary use case for Unix and Linux data is to correlate with other data sources in an app other than Splunk for Unix and Linux. 

By looking at the contents of both the app and the add-on, you need the add-on as well to enable data inputs on the forwarders. The configuration documentation of the app in App Configuration also directs to the add-on configuration for inputs:

To enable or disable the data and scripted inputs for the Splunk Add-on for Unix and Linux, review "Enable data and scripted inputs" in this manual.

0 Karma

Ultra Champion

Interesting @renjith.nair, the first link refers to the AddOn while the second one to the App.

0 Karma