- Splunk Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Re: NIX app not listing my fowarded hosts in host ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
NIX app not listing my fowarded hosts in host list
Hello,
I am running a Splunk at a solaris server.
I have deployed 4 universal forwarders, 3 at solaris machines and 1 at a windows virtual machine.
Splunk server and all the forwarding machines are under the same VLAN and no firewall is involved between there communication.
All my forwarders are being listed in the Deployment Monitor, however my NIX app is not listing these servers under the host list in CPU by host or Memory by host menu item.
I have installed the fieldextractor app of splunk and its showing all my hosts and all the data transfered.
I want these servers to be listed there under host list of NIX so i can have statistical graphs of these servers in NIX. Currently i am having only one entry in host list, i.e. "host" and is showing the statistics of Splunk server itself.
Please suggest me what should i do to list down my forwarded servers in the host list of Nix app.
Regards
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dear All,
Just seen this post as unanswered till yet which indicates that the problem is still unresolved. so I am answering your problem as below.
First of all forwarding from windows OS to nix application is not supported. Nix app can handle data forwarded only from OS based on Unix [i.e. linux, solaris etc]
Copy and paste the NIX app in SplunkHome/etc/apps/ where SplunkHome is the directory where your forwarder is installed.
Change your directory to SplunkHome/bin and register your forwarder using following commands
./splunk start
./splunk add forward-server <SplunkServerIP>:<Receiving Port>
./splunk restart
[In case of any username/password prompt during execution of above mentioned commands, please use admin/changeme as username/password]
Set the data to be forwarded in SplunkHome/etc/apps/unix/bin/local/inputs.conf. For sample I am sending you a full configuration file which will send all the parameters after every second to your splunk server. Just copy the below mentioned data and paste it in ur inputs.conf file at SplunkHome/etc/apps/unix/bin directory
[To change data posting interval by forwarder to splunk server change the interval value below and to disable some specific information set disabled = 1]
[script://./bin/cpu.sh]
interval=1
sourcetype=cpu
index=os
disabled=0
[script://./bin/df.sh]
interval=1
sourcetype=df
index=os
disabled=0
[script://./bin/hardware.sh]
interval=1
sourcetype=hardware
index=os
disabled=0
[script://./bin/interfaces.sh]
interval=1
sourcetype=interfaces
index=os
disabled=0
[script://./bin/iostat.sh]
interval=1
sourcetype=iostat
index=os
disabled=0
[script://./bin/lastlog.sh]
interval=1
sourcetype=lastlog
index=os
disabled=0
[script://./bin/lsof.sh]
interval=1
sourcetype=lsof
index=os
disabled=0
[script://./bin/netstat.sh]
interval=1
sourcetype=netstat
index=os
disabled=0
[script://./bin/openPorts.sh]
interval=1
sourcetype=openPorts
index=os
disabled=0
[script://./bin/package.sh]
interval=1
sourcetype=package
index=os
disabled=0
[script://./bin/protocol.sh]
interval=1
sourcetype=protocol
index=os
disabled=0
[script://./bin/ps.sh]
interval=1
sourcetype=ps
index=os
disabled=0
[script://./bin/rlog.sh]
interval=1
sourcetype=rlog
index=os
disabled=0
[script://./bin/time.sh]
interval=1
sourcetype=time
index=os
disabled=0
[script://./bin/top.sh]
interval=1
sourcetype=top
index=os
disabled=0
[script://./bin/usersWithLoginPrivs.sh]
interval=1
sourcetype=userswithLoginPrivs
index=os
disabled=0
[script://./bin/vmstat.sh]
interval=1
sourcetype=vmstat
index=os
disabled=0
[script://./bin/who.sh]
interval=300
sourcetype=who
index=os
disabled=0
To forward your windows data you need to install Splunk windows application in your splunk server [same as u installed NIX app] and do the above mentioned activity as per windows OS format.
For further details please refer to http://splunk-base.splunk.com/answers/50082/how-do-i-configure-a-splunk-forwarder-on-linux
Regards,
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The data get's written to an index called 'os'
You can change this... see this previous post.
http://splunk-base.splunk.com/answers/4698/how-to-change-the-default-index-of-nix-app
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did anybody figure this out? We setup a demo install and haven't been able to resolve this issue either.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Same here. I can't figure it out. It picks up log information from the Splunk host, but nothing from my other machines. Anyone seen this problem?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Same issue here.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I have the same problem as above mentioned.i can view all my remote host data through splunk search but when it comes to *NIX app it only shows the local host.i will be glad if someone can help on this.
Cheers
Adoption of RUM and APM at Splunk
Routing logs with Splunk OTel Collector for Kubernetes
Welcome to the Splunk Community!
