This perhaps is a silly question but I have been unable to quickly find an answer in the documentation. What is the SA-NIX application? My deployment server has installed SA-nix, Splunk Application for UNIX, Splunk add-on for *NIX, and I am trying to document what is the difference and features of the three applications.
If you install the Splunk App for Unix and Linux in a distributed environment and have configured the search heads in that environment to send data to the indexers, you might need to deploy the indexes.conf file that comes with the Splunk Supporting Add-on for Unix and Linux component (SA-nix/default/indexes.conf) onto your indexers to ensure that the unix_summary summary index is available. Failure to do so might cause issues with alerts for the app, as alerts use this special index.
I am writing an High Level Design and my question relates the Splunk Use Cases. The link http://docs.splunk.com/Documentation/UnixApp/5.1TA/User/WhataSplunkAppforUnixandLinuxdeploymentlooks...
http://docs.splunk.com/Documentation/WAS/2.0.1/InstallGuide/SplunkforWAS give an example of what I am looking for and may help me to understand the users provisioning and/or de-provisioning.