This perhaps is a silly question but I have been unable to quickly find an answer in the documentation. What is the SA-NIX application? My deployment server has installed SA-nix, Splunk Application for UNIX, Splunk add-on for *NIX, and I am trying to document what is the difference and features of the three applications.
Not sure if you looked in the documentation for the Unix App itself, but it has topics on the app and both of the add-ons, including the Supporting Add-on.
If you install the Splunk App for Unix and Linux in a distributed environment and have configured the search heads in that environment to send data to the indexers, you might need to deploy the indexes.conf file that comes with the Splunk Supporting Add-on for Unix and Linux component (SA-nix/default/indexes.conf) onto your indexers to ensure that the unix_summary summary index is available. Failure to do so might cause issues with alerts for the app, as alerts use this special index.
The UNIX application and its add-on was understood. I was unable to read details of the SA-nix in the links which you provided.
SA-nix is the Supporting Add-on for Unix and Linux. Is there specific information you are looking for that the documentation does not provide?
I am writing an High Level Design and my question relates the Splunk Use Cases. The link http://docs.splunk.com/Documentation/UnixApp/5.1TA/User/WhataSplunkAppforUnixandLinuxdeploymentlooks...
http://docs.splunk.com/Documentation/WAS/2.0.1/InstallGuide/SplunkforWAS give an example of what I am looking for and may help me to understand the users provisioning and/or de-provisioning.