All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Add-on for Unix and Linux

lmjoin
Explorer
‎06-19-2018 09:20 AM

Hello , we have indexer clustering setup. We need to implement Splunk Add-on for Unix and Linux to monitors hosts. How we can do.
in this case.

0 Karma
Reply

lmjoin
Explorer
‎07-03-2018 09:24 AM

we need to install add on on which from we need data and , on indexer and search head we need app.

0 Karma
Reply

ChrisG
Splunk Employee
Splunk Employee
‎06-19-2018 10:24 AM

See the general instructions to Install an add-on in a distributed environment in the Splunk Add-ons manual. There is also some additional information in Deploy the Splunk Add-on for Unix and Linux in a distributed environment in Deploy and Use the Splunk Add-on for Unix and Linux.

0 Karma
Reply

lmjoin
Explorer
‎06-19-2018 11:06 AM

Thanks for reply , i have read this and confusion in mind , here need data from hosts only , not from indexer and search head , but in that case i have to install app on both indexer and search head ?. can it have some logic ?

0 Karma
Reply

ChrisG
Splunk Employee
Splunk Employee
‎06-19-2018 03:48 PM

I am not sure I understand your question. If you don't understand the basic tiers of a Splunk deployment and what the function of each of them is (forwarder, indexer, search head), then you should learn that before you try to install an add-on, especially in a distributed deployment.

You have to install the add-on onto your indexers that are receiving data from your Linux hosts.

You have to install the add-on onto your search heads so you can search the indexed data.

You have to install a universal forwarder and the add-on onto each of your Linux hosts, so they can send the data to the indexer.

0 Karma
Reply

lmjoin
Explorer
‎06-21-2018 09:15 AM

Thanks
i have put app under master indexer and push and updated and install on SH , add on forwarder but while configuring it require remote server URL , is it for master or any one

0 Karma
Reply

lmjoin
Explorer
‎07-03-2018 09:24 AM

we need to install on which from we need data add on and on indexer and search head we need app.

0 Karma
Reply

sloshburch
Splunk Employee
Splunk Employee
‎01-03-2019 09:36 AM

I'm also having trouble following the question here. Specifically, I can't imagine where "remote server URL" came into play. If you can be super specific and show us what step of what page in the instructions you are running into a challenge then I'm sure we can help.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...