Hello,
I am currently adding splunk to some AIX servers. The *NIX app is gathering data from all the linux servers but none of the AIX servers seem to be getting the app.
For the App I have version:
Splunk App for Unix - 5.0.1
*NIX 4.6 - 4.6
and on the AIX servers am installing splunk 5.04:
splunkforwarder-5.0.4
Does one of the versions need updated to get AIX or is it not supported by the App?
You don't want both 4.6 and 5.0.1 versions of the unix app. You'll also want to enable receiving from forwarders on port 9997 of the indexer.
On the AIX servers, you want to install splunkforwarder and Splunk_TA_nix, restart, then enable the inputs you want, and create a forward from your forwarder to port 9997 of the indexer.
I would advise using the most current version of our universal forwarder, which is 6.0.2 at the moment:
I got the search head updated and installed the new version on one of the aix servers in the apps directory and now it gives a segmentation fault and dies on start up. Had this problem earlier when tried installing 5.0.2 so upgraded to 5.0.4 which starts up fine with no app.
Does a higher version of the forwarder need to be installed? Also, tested updated unix app on a linux server and works fine.