All Apps and Add-ons

*NIX - Ubuntu Hosts do not Show Up (How to Add?)

hyoung
New Member

I have numerous Ubuntu servers forwarding syslog information to SPLUNK. It is all be logged and can be searched from the main search page in the SPLUNK interface. They do show up as hosts with their proper host names. My problem is that the "*NIX" app does not see them as Linux hosts. The only Linux server that is listed in the *NIX Hosts field is the Splunk server itself. Help?

0 Karma

dailv1808
Path Finder

same. anyone know how to fix that?

0 Karma

dmaislin_splunk
Splunk Employee
Splunk Employee

Mike is correct. Use the forwarder on the Unix system with the app installed on that forwarder under $SPLUNK_HOME/etc/apps. This app if you download it contains many scripts that run and forward the data via the forwarder to the Splunk indexer. To see the scripts, look in the bin directory in the App or look at the inputs.conf in the default directory to see how they are being called.

mikelanghorst
Motivator

The *nix app should be run on all hosts that run a splunk instance, whether that is the indexer/search head or forwarder.

That is assuming you want that extra data provided.

0 Karma

hyoung
New Member

Not sure if I understand. I have the "splunkforwarder-4.2-96430-Linux-x86_64.tgz" that I can deploy on each of the linux hosts that I am logging. Is this what you are referring to as "app"? I have the "*NIX" app already running on the SPLUNK instance, and it works to report on the SPLUNK server instance itself. Is this all that is required or is there some else that needs to go on each host?

0 Karma

mikelanghorst
Motivator

Do you have the *nix app deployed to these Ubuntu hosts, or are you just sending data over syslog? I could be wrong, but I think it's looking at data provided by scripts to determine they are Linux hosts.

0 Karma

hyoung
New Member

Thanks for your answer. Yes. I am only sending syslog data.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...