What is the difference between the "Splunk for Unix and Linux app" and the "Splunk for Unix and Linux technology add-on"? Why would I use the technology add-on (TA) rather than the app?
Some customers asked us for Unix and Linux knowledge and inputs packaged separately from the Splunk Web user interface components. Often, this request was in order to facilitate use on forwarders or when the primary use case for Unix and Linux data is to correlate with other data sources in an app other than Splunk for Unix and Linux.
The technology add-on and the app share the same common knowledge and input base. It is also worth mentioning that the technology add-on and app should NOT be installed on the same system (you will receive an "Unsupported Configuration" warning on both app home pages) and that the technology add-on should not be installed on Windows (you will receive an error as well). To reiterate, you only need the app OR the add-on, not both.
If you were a previous user of the unix app, feel free to simply upgrade to the latest version. No special instructions or steps should be required.
See http://docs.splunk.com/Documentation/UnixApp/4.5/User/AbouttheSplunkAppforUnix for the latest documentation on both the app and the technology add-on.
Good question! The searches are by and large the same, with only bugs in them being fixed. Migration was tested and we didn't notice any issues.
Also, keep in mind that you only need the app OR the add-on, not both. So, if you were using the unix app before, just upgrade to the new version of the unix app. The add-on is really for new deployments on forwarders or on indexers where all the UI of the unix app is not required but the knowledge (inputs, etc.) is required.
When migrating from the older Splunk for Unix and Linux, are the searches and such compatible between them? Is there a preferred order to upgrade? Any issues when migrating to this new pair of apps instead of the single app?