Re: Not receiving data from Unix Add On in Distrib...

dishasaxena · ‎02-20-2014

I have installed Unix Add-on on a Unix machine forwarder and by following the steps given in document below, then I have installed Splunk App for Unix on search head and Unix Add-on on Indexer(which is a search peer) but I am not getting any data of Unix in Unix App on search head.
I looked up in log files and have found below errors in search head:

02-19-2014 17:44:21.874 +0530 INFO ExecProcessor - New scheduled exec process: python "E:\Program Files\Splunk\etc\apps\splunk_app_for_nix\bin\scripted_inputs\dependency_manager.py"
02-19-2014 15:40:54.428 +0530 WARN BundleArchiver - Filtered nothing out of E:\Program Files\Splunk\etc\apps\splunk_deployment_monitor\metadata\local.meta, but size still changed: original_size=78, filtered_size=75, cosmetic_bytes=

Please help.

Regards,
Disha

bosburn_splunk · ‎02-20-2014

Do you find any data if you search index=os?

Is the search head a deployment server as well?

Did you configure the application before you deployed it?

dishasaxena · ‎02-20-2014

No, I don't get any data if run index=os

Search head is not a deployment server. In fact, I am not using deployment server as of now.
Yes, I have configured the application with the default inputs. Regarding configuration of application, if you need to know any specific details, please let me know.

Regards,
Disha

dishasaxena · ‎02-20-2014

I forgot to paste the link of document which I referred, please find it below:

http://docs.splunk.com/Documentation/UnixApp/latest/User/AbouttheSplunkAppforUnix

Not receiving data from Unix Add On in Distributed Search Environment

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor