Linux data collection

roopeshetty · ‎06-12-2019

Hi Guys,

We are using Splunk Cloud and we have a requirement to get the Linux performance counter data (CPU, Memory and Disk usage) from few Linux servers in our data center.

What we did is ;

Installed the “Splunk Add-on for Unix and Linux” on our Splunk Cloud.
Installed the “Splunk Add-on for Unix and Linux” on the universal forwarder of the Linux server and enabled the required scripts which we wanted to send the data of and then restarted the universal forwarder.
Now we go to the App “Splunk Add-on for Unix and Linux” on our Splunk Cloud and we get the message as below;

“Splunk Add-on for Unix and Linux: Setup; Please set up this add-on on your forwarders. Documentation on how to configure this add-on is here”

Can some one tell me what is wrong here, why not getting the data.

richgalloway · ‎06-12-2019

When you say you installed the add-on on your cloud, do you mean the indexers or search heads? It should be installed on the indexers.
What index is the forwarder writing to? Does the index exist on the indexers?

---
If this reply helps you, Karma would be appreciated.

roopeshetty · ‎06-12-2019

its cloud splunk hence i assume its indexers+search heads both same there. index is main hence it exist there.

jnudell_2 · ‎06-12-2019

That's a bad assumption. In SplunkCloud the indexers & search heads are usually separate. If you installed the TA on the search head, then you will still need to install it on the indexer.

Linux data collection

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

Improve Data Pipelines Using Splunk Data Management

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?