All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk Add-on for Unix and Linux: Is there a way to auto deploy this add-on to all my forwarders?

btcdirectinfra
Explorer
‎10-05-2016 01:41 PM

On the Splunk Light server (indexer + UI , configured to be Distributer) i did the following:
I installed the Splunk Add-on for Unix and Linux (Splunk_TA_nix) according to instructions.
I set up the class so all my servers are included for this app.
Configured which scripts it should run (external data input scripts)
I restarted several times.

Each server I want to monitor has an Universal Forwarder installed.
Now, only 2 out of the total 5 forwarders return "Splunk_TA_nix app" metrics.
They are all identical in OS, Firewalling, Forwarder installation procedure.
Is there a way to make this work, without changing each forwarder individually? Because if it were like 500 instead of 5 forwarders, i would have a problem.

Thanks in advance.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

btcdirectinfra
Explorer
‎10-05-2016 05:16 PM

So i logged in to each server and added the forwarder address again (just to be sure) and restarted splunk.
Nothing changed.
But the local logs pointed out that deployment command of the Splunk_TA_nix app was sent from the deployment server.
So then i turned on all the scripts (Splunk indexer > GUI > data inputs > external scripts > enabled a lot of them).
So i see that the cpu script does not return data from all servers, but the uptime script does.
I am still looking into the environment differences that can explain this different behaviour.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

circleup
Explorer
‎02-09-2017 09:57 AM

Can you clarify how you "set up the class so all [your] servers are included for this app"? When I try to edit apps for my server classes, I don't see this add-on available. And when I go to "Set Up" for the add-on, it just points me to the documentation.

I'd prefer to not have to manually install it on every forwarder but rather have them deployed centrally. Thanks!

0 Karma
Reply
Solved! Jump to solution
Solution

btcdirectinfra
Explorer
‎10-05-2016 05:16 PM

So i logged in to each server and added the forwarder address again (just to be sure) and restarted splunk.
Nothing changed.
But the local logs pointed out that deployment command of the Splunk_TA_nix app was sent from the deployment server.
So then i turned on all the scripts (Splunk indexer > GUI > data inputs > external scripts > enabled a lot of them).
So i see that the cpu script does not return data from all servers, but the uptime script does.
I am still looking into the environment differences that can explain this different behaviour.

0 Karma
Reply
Solved! Jump to solution

btcdirectinfra
Explorer
‎10-05-2016 06:17 PM

So then i installed the sysstat package on those (forward) servers with: yum install sysstat
Fixed it!
(To understand why one server already had this package installed, well.. maybe i once needed it and forgot about it).

Reply
Get Updates on the Splunk Community!

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...