Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Splunk App for Unix and Linux configuration
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk App for Unix and Linux configuration
Hi
I've installed Splunk App for Unix and Linux and Splunk Add-on for Unix and Linux. I want to monitor basic things about my machine as CPU usage, memory etc.
In documentation I've read that for the first install there is no need to do any changes in Settings -> Your Data.
When I want to display home dashboard it shows No results found. Can it be connected with sourcetype in Settings -> your data, because I leave it with default.
I would be grateful for some advice.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So based on my understanding, you are not able to see any data in Splunk App for Unix and Linux Dashboard, in that case have you configured Splunk App for Unix and Linux, reference docs http://docs.splunk.com/Documentation/UnixApp/5.2.3/User/First-timeconfiguration and if you go to next pages it will give you idea about different dashboards/pages.
If data is coming from Add-on with default sourcetype then in App for Unix and Linux Settings-> Your Data page you need to click save button.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @swdowiarz,
You need to configure Splunk Add-on for Unix and Linux first which will run different script at certain interval (You can configure this) to monitor CPU, Memory, Disk Usage etc. Please refer this documentation to configure Splunk Add-on for Unix and Linux so that it will send data to Indexers and after that you can search data from Search head.
I hope this helps.
Thanks,
Harshil
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I did configuration for Splunk Add-on for Unix and Linux and all the inputs are enable, but there still nothing to show.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have you installed this add-on on Indexers as well because add-on will send data to os index, so you must have os index on Indexers.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, I did it, when I search index=os there are lot of events but instead of dashboards there is still No results found
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Announcing Modern Navigation: A New Era of Splunk User Experience
Modernize your Splunk Apps – Introducing Python 3.13 in Splunk
Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...
