I am trying to configure the Splunk App for Unix and Linux https://splunkbase.splunk.com/app/273/ on my Search Head, but on the Settings page I am getting an error.
I know this is due to a Windows OS hosting the Search Head, since the page loads fine on my test Red Hat machine.
My client requires all instances on my Splunk cluster to run on Windows Server 2016, and that cannot change. The error I am getting is: ServerSideInclude Module Error! Invalid template path. C:\APP\splunk_app_for_nix\appserver\static\settings.html.
My thought is that this error is caused by $SPLUNK_HOME being located in the Program Files directory and the app being unable to parse the space in the directory name. Are there any suggestions for how to fix this? I suppose I could resort to moving $SPLUNK_HOME to another directory. I would prefer not to do that, since I am not completely confident this would resolve the issue.
EDIT:
I changed $SPLUNK_HOME to E:\Splunk, but the same error message still points to C:. I reinstalled the app and gave full permissions to everyone to all files and folders in the app but no change.
All other tabs appear to work correctly, but not the Settings tab.
I was able to find a workaround to this issue, which was to modify the macro os_index to your index directly under Advanced Search settings. For example, index=linux_logs.
@Bhjindal I tried modifying that macro, but that didn't fix the settings page inside the app.
If it helps your cause, looking at the release notes, it seems it may not 'technically' be supported on Windows:
https://docs.splunk.com/Documentation/UnixApp/5.2.5/User/Platformandhardwarerequirements
Official support
While the Splunk App for Unix and Linux can be installed on any version of *nix that Splunk supports, only the following versions have official support:
For installation of the Splunk App for Unix and Linux, on search heads: Linux, any version that Splunk supports.
No specific mention of Windows, but I always thought it was.
I must have missed that in the documentation. I will point out to management that the app is not officially supported and see if I can run it on Linux. Thanks for your help!
The link I posted in the comment makes mention of some issues with installing into the default path.
It will help with a number of issues if you install Splunk on its own volume, and ideally low down in the file structure too.
e.g. D:\splunk
With this specific issue, I wonder if the $SPLUNK_HOME variable is not set for some reason, but the path it is complaining about looks very wrong.
Another issue that the default path causes can be permission related - Splunk needs to own its own file structure, and in Program Files there can be restrictions on what the user running Splunk can/cannot do. Moving to its own path and ensuring the Splunk user has full control of all files/folders can help. - It's possible (based on nothing more than a guess) that this could be related.
Strap yourself in! You are in for a bumpy ride with a mixed Linux/Windows estate with Splunk deployed on Windows.
https://answers.splunk.com/answers/516059/what-are-the-pain-points-with-deploying-your-splun.html
@nickhillscpl I changed the $SPLUNK_HOME location to E:\Splunk, but I am still getting the same error message pointing to C:. I reinstalled the app and gave full permissions to everyone to the app but no change. Do you have any other suggestions? All of the other tabs appear to work correctly, but not the Settings tab.
It's a long shot - what locale is used in your URL for settings?
yoursplunk:8000/en-US/app/splunk_app_for_nix/settings
Try with en-US if it's something else - also, what do you get if you enter that URL directly?
I am using the en-US locale, and I am greeted with the same error message with that URL. I'd like to get this working, but either way I am going to use this to try and convince management to convert to Linux, at least for the SH.
Working on Windows is very frustrating, and I have run into a lot of issues with this deployment because of the OS. I will take your suggestion and move $SPLUNK_HOME lower in the file structure. Hopefully this will prevent other problems from occurring in the future.