Deployment Architecture

Install Add-on for Unix and Linux

ymzhangco
New Member

I installed the Splunk Add-on for Unix and Linux on a single Splunk server environment for testing. However, each time I go to the app, it shows the setup page. I made the selection, clicked the Save button, and restarted Splunk. The result is the same: it always shows the setup page.

How do I turn off the setup page?

Thanks,

0 Karma

woodcock
Esteemed Legend

Check permissions and check to be sure that the DS is not controlling that app and overwriting your changes.

0 Karma

kgderrekchapin
Path Finder

Check that the permissions/ownership of your Splunk directory are correct. I ran into a similar issue where Splunk was started as the root user, and when the new app was installed, it was installed as the root user. Any changes that I made to that app while logged into the Splunk instance did not persist, as it didn't have rights to write to the directory.

Thank you,
Derrek

0 Karma

ymzhangco
New Member

Thanks for the response. I checked the Splunk process. It is run by splunk. However, I found an interesting owner/group issue for /opt/splunk/etc/apps/Splunk_TA_nix/local/inputs.conf. Each time I set up the app and save, Splunk will write this file as splunk:user. How should this file and/or this directory be owned: splunk:user or splunk:splunk?

Thanks, appreciated.

0 Karma

kgderrekchapin
Path Finder

In my experience, having it owned by splunk:splunk has given me the best results. However, you should be good if that file has permissions of 750.

-Derrek

0 Karma
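
One way to run the ownership check suggested in the answers above, as an added example that is not part of the original thread. It assumes GNU find; the function name `audit_app_ownership` and the `OWNER`/`NOWRITE` labels are made up for this example, while the app path and `splunk:splunk` come from the thread.

```shell
#!/bin/sh
# Added example: list every path under a Splunk app directory that is not owned
# by the expected user:group, or that its owner cannot write to. Either condition
# can stop changes saved from the setup page from persisting.
# Requires GNU find (-printf). Paths containing tabs or newlines are not handled.
#
# Usage: audit_app_ownership DIR OWNER GROUP
#   e.g. audit_app_ownership /opt/splunk/etc/apps/Splunk_TA_nix splunk splunk
# Returns 0 if nothing is flagged, 1 if any path is flagged, 2 if DIR is missing.
audit_app_ownership() {
    dir=$1
    want_user=$2
    want_group=$3
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    # %u / %g = owner and group names, %M = ls-style mode string, %p = path
    find "$dir" -printf '%u\t%g\t%M\t%p\n' |
    awk -F '\t' -v u="$want_user" -v g="$want_group" '
        BEGIN { bad = 0 }
        # Wrong owner or group, e.g. files left behind by an install run as root
        $1 != u || $2 != g { printf "OWNER %s:%s %s\n", $1, $2, $4; bad = 1 }
        # Third character of the mode string is the owner write bit
        substr($3, 3, 1) != "w" { printf "NOWRITE %s %s\n", $3, $4; bad = 1 }
        END { exit bad }
    '
}
```

Run it as a user that can read the whole app directory; an empty result with exit status 0 means every path matched the expected owner and group and is owner-writable.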