Why am I unable to retrieve .nix hosts data for th...

vivekjha · ‎11-11-2016

I have installed Splunk Enterprise full instance on a Linux system and universal forwarder in different Linux system. I have to read the CPU and disk usage of the forwarder system to Splunk Enterprise system.

For that, i have installed Splunk App for Unix and Linux on Splunk Enterprise system for Splunk Web and Splunk Add-On for Unix and Linux to the forwarder system. But when i checked the splunkd.log on the forwarder system; it is giving the below error:

11-11-2016 17:47:50.237 +1100 ERROR ExecProcessor - message from "/opt/dir/splunkinstall/splunkforwarder/etc/apps/Splunk_TA_nix/bin/cpu.sh" /bin/sh: \r: No such file or directory

i have given the executable access chmod a+x cpu.sh and i have changed the SPLUNK_HOME "/opt/dir/splunkinstall/splunkforwarder" directory but still i am getting the same error.

Please provide the solution on the above query.

SierraX · ‎11-12-2016

Hi,
the error show something ist missing:

I've looked to the script them self and the cpu.sh seems to use sar. It's part of the sysstat package most Linux distros have not in minimal or standard installations.
Make sure sar is installed and usable by user splunk.
You can also test the script is running with the command
./splunk cmd /opt/dir/splunkinstall/splunkforwarder/etc/apps/Splunk_TA_nix/bin/cpu.sh

Kind Regards
SierraX

SierraX · ‎11-12-2016

my output looks like

[splunk@splunk ~]$ splunk cmd /opt/splunk/current/etc/apps/Splunk_TA_nix/bin/cpu.sh
CPU pctUser pctNice pctSystem pctIowait pctIdle
all 0.50 0.00 1.25 0.00 98.25
0 0.00 0.00 0.00 0.00 100.00
1 0.99 0.00 2.97 0.00 96.04
2 0.00 0.00 1.00 0.00 99.00
3 1.00 0.00 1.00 0.00 98.00

vivekjha · ‎11-13-2016

Thanks for the reply.

SAR command is installed in system and i am getting the CPU information using command sar -P ALL 1 1
.

After that i have executed the below command and still i am getting the error:
./splunk cmd /opt/dir/splunkinstall/splunkforwarder/etc/apps/Splunk_TA_nix/bin/cpu.sh
: No such file or directory

Please help me on that.

SierraX · ‎11-13-2016

it's to early for me in my country *stifle a yawn*

 ls -l /opt/splunk/current/etc/apps/Splunk_TA_nix/bin/common.sh
 -rwxr-xr-x 1 splunk splunk 3864 12. Nov 15:28 /opt/splunk/current/etc/apps/Splunk_TA_nix/bin/common.sh

 ls -l $(which uname)
 -rwxr-xr-x 1 root root 33048 16. Feb 2016  /bin/uname

vivekjha · ‎11-14-2016

Do you have any installation manual in which i can cross check the steps for installation of splunk add on for linux in universal forwarder system and send data back to splunk enterprise system.

Also, the steps for Splunk for Linux app installation in Splunk enterprise server. I have gone through the Splunk docs but it's very confusing.

Thanks in advance.

kfir_fireglass · ‎03-01-2017

Hey,
Have you figured out how to install splunk for linux app and configure it with the universal forwarder?

I've been struggling for two days to setup it from scratch on new dev environment.. Didn't managed to get results in the app. Finding it super hard to troubleshoot.

SierraX · ‎11-13-2016

in my system:

  ls -l /opt/splunk/current/etc/apps/Splunk_TA_nix/bin/cpu.sh
  -rwxr-xr-x 1 splunk splunk 3616 12. Nov 15:28 /opt/splunk/current/etc/apps/Splunk_TA_nix/bin/cpu.sh




 ls -l $(which awk)
 lrwxrwxrwx 1 root root 4  8. Jan 2016  /bin/awk -> gawk

 ls -l /bin/egrep
 -rwxr-xr-x 1 root root 158 20. Nov 2015  /bin/egrep

 ls -l $(which sar)
 -rwxr-xr-x 1 root root 97440  6. Mär 2015  /bin/sar

Didn't saw another involved system programs right now...
Do you have a shell skilled Linux admin on your side?
I will also look but this could need a while

Why am I unable to retrieve .nix hosts data for the Splunk Add-on for Unix and Linux on my universal forwarder?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!