Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Collect SunOS-SPARC Logs

dania_abujuma
Explorer
‎03-26-2025 02:10 AM

Hello Splunkers!

I am looking for a way to collect the SunOS-SPARC OS logs. After some research, I have tried to update the inputs.conf in the Splunk Add-on for Unix and Linux ( https://splunkbase.splunk.com/app/833 ), as below (this is a snippet of the config file not all of it) :

# Currently only supports SunOS, Linux, OSX.
# May require Splunk forwarder to run as root on some platforms.
[script://./bin/service.sh]
disabled = 0
interval = 3600
source = Unix:Service
sourcetype = Unix:Service
index = os

# Currently only supports SunOS, Linux, OSX.
# May require Splunk forwarder to run as root on some platforms.
[script://./bin/sshdChecker.sh]
disabled = 0
interval = 3600
source = Unix:SSHDConfig
sourcetype = Unix:SSHDConfig
index = os

# Currently only supports Linux, OSX.
# May require Splunk forwarder to run as root on some platforms.
[script://./bin/update.sh]
disabled = 0
interval = 86400
source = Unix:Update
sourcetype = Unix:Update
index = os

[script://./bin/uptime.sh]
disabled = 0
interval = 86400
source = Unix:Uptime
sourcetype = Unix:Uptime
index = os
[script://./bin/version.sh]
disabled = 0

This didn't work and no logs were collected (I have made sure the user running Splunk forwarder has read privilege), is there any other recommendation?

0 Karma
Reply

livehybrid
SplunkTrust
SplunkTrust
‎03-26-2025 02:17 AM

Hi @dania_abujuma 

Just to check - have you created the "os" index on your indexers?

Are you able to see the _internal logs for these forwarders? This will help determine if the issue is sending, or receiving the data. 

Do you see any reference to these inputs (and any errors?) in the $SPLUNK_HOME/var/log/splunk/splunkd.log file?

Please let me know how you get on and consider adding karma to this or any other answer if it has helped.
Regards

Will

0 Karma
Reply

dania_abujuma
Explorer
‎03-26-2025 02:26 AM

Hello @livehybrid ,

Yes, I have created the "os" index in my indexer.

I can see in the _internal index logs for these hosts.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...