Solved: Why is the Splunk Add-on for Unix and Linux not pr...

shbagautdinov · ‎07-19-2016

Hello, Splunkers!

I use splunk_TA_nix and this search does not give results. lastlog.sh permissions 754.
Who.sh does not show any data too.
Splunkd is running by root account on CentOS 7.
Is it true that this search must show info about last login of all accounts in each event?

shbagautdinov · ‎08-11-2016

Ok, thanks to all, I have the answer 😃
Yes, when Splunk_TA_nix is properly installed it shows info about lastlogin in each event.
I have done 2 steps to resolve my issue:
1) I have set 755 permissions to all .sh scripts in Splunk_TA_nix
2) And the most important thing I have installed and enabled Splunk_TA_nix on my Windows Search head (In inputs.conf all stanzas must be disabled. It is by default. Do not change this default setting).

View solution in original post

shbagautdinov · ‎08-11-2016

Ok, thanks to all, I have the answer 😃
Yes, when Splunk_TA_nix is properly installed it shows info about lastlogin in each event.
I have done 2 steps to resolve my issue:
1) I have set 755 permissions to all .sh scripts in Splunk_TA_nix
2) And the most important thing I have installed and enabled Splunk_TA_nix on my Windows Search head (In inputs.conf all stanzas must be disabled. It is by default. Do not change this default setting).

Why is the Splunk Add-on for Unix and Linux not producing data in lastlog events?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!