I'm not very familiar with the Unix OS. I have installed Splunk 4.1.2 on HP-UX 11.23 Itanium. I enabled the Unix apps and also enabled them to collect local statistics. I couldn't see anything in search or the Unix app, i.e. no sources, no source types, no host. Am I missing something?
When you enabled the Nix app it may be sending all the data to a different index. I think ours was sent to index=os.
Log in as a Splunk admin, go to Manager - Indexes and look for the index named "os". This should be enabled and assigned to the Unix app. If so, you will need to go back to Manager - Access control - Roles. If you have created a role for your users, select that role, or open the admin role, scroll down until you see default indexes, and under selected indexes verify that the "os" index is added.
This should give your admin account default access to that index so you will not have to add index=os to your searches.
I kept all the defaults and I have the same OS and problem. I've tried what you said and everything is enabled and roles are set and assigned correctly. Not sure what's going on. Is there anything else that can be done?
Check and see if you have the right permissions on the folders or files being logged. For example, most folders/files in /var/log* are owned by root. You need to give Splunk a way to read those logs - either run splunk as root OR put the splunkuser in an admin group that has read permissions on said location.
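The permission check suggested above can be scripted. This is an added example, not part of the original thread: the function names are hypothetical, and the directory and group you pass in (for instance /var/log and the group of the account Splunk runs as) are assumptions about your setup.

```shell
#!/bin/sh
# Added example: find log files and directories that a non-root Splunk
# account could not read. The checks look at permission bits only, so the
# result is the same whichever user runs the script (root included).

# files_needing_access DIR [GROUP]
# Prints regular files under DIR that are not world-readable and, when
# GROUP (name or numeric gid) is given, are also not readable through
# membership of GROUP.
files_needing_access() {
    dir=$1
    grp=${2:-}
    if [ -n "$grp" ]; then
        find "$dir" -type f ! -perm -004 \
            ! \( -group "$grp" -perm -040 \) -print
    else
        find "$dir" -type f ! -perm -004 -print
    fi
}

# dirs_blocking_access DIR
# Prints directories under DIR that lack read+search permission for
# "other"; files below them stay out of reach even if their own mode
# would allow reading.
dirs_blocking_access() {
    find "$1" -type d ! -perm -005 -print
}

# Typical use (paths and group are assumptions, adjust to the host):
#   files_needing_access /var/log splunk
#   dirs_blocking_access /var/log
```

Any file it prints needs either a group membership for the Splunk account or Splunk running as a user that already has access, as described in the post above.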
I got the HP-UX Splunk tar and untarred it to /home2/splunk... I've tried:
chmod -R a=rwx ./splunk
chown -R root:sys ./splunk
I start splunk as root user using ./splunk start --accept-license
I've tried giving the admin user all roles and putting the os index in the admin role. I can get data from existing files, but what I really want to do is get data from the nix runtime stuff, i.e.:
*nix app also indexes output from common system tools:
top: top processes on host
vmstat: memory usage info
iostat: io throughput
ps: all process info
netstat: network status and throughput
protocol: detailed network throughput
interfaces: stats per link-level Ethernet interface
open ports: snapshot of open ports
time: clock details
lsof: open files per user, process
df: disk and volume usage
who: current active user sessions
users with privileges: users with login accounts
lastlog: last login time for users who have ever logged in
cpu: shows stats per CPU
rlog: auditd logs translated with ausearch
packages: current installed packages
hardware: details of host hardware
As far as I know, the *NIX app currently doesn't support HP-UNIX; you need to modify the shell scripts yourself. We are also looking for a professional to modify those scripts for HP-UNIX.