Getting Data In

Splunk Add-On for Linux Compatibility

pc1
Path Finder

I am using the Splunk Add-On for Linux on my deployment server (which is a Windows server) and trying to use this to collect data from my Linux machines that have the universal forwarder connected to my deployment server. I was curious if anyone knows if this is because that add-on isn't compatible - because the server hosting it is Windows? (even though it's being deployed to Linux machines). If this is the case - is there any easy workaround other than creating another deployment server that is Linux for deploying to my Linux machines?

1 Solution

isoutamo
SplunkTrust

Hi

Splunk doesn't support a DS on Windows managing Linux/Unix clients; only Windows nodes can be used as clients in that case. You can see the reason for that in the messages above.

If you want this to work, you must transfer your DS to a Linux host to handle this. Fortunately, a DS on Linux can also handle Windows clients, so there is no need for two DS servers.

r. Ismo


scelikok
SplunkTrust

Unfortunately, I don't know any workaround since Windows does not support it.

If this reply helps you, an upvote and "Accept as Solution" is appreciated.

scelikok
SplunkTrust

Since Windows cannot manage execute permissions, modular inputs will not run on Linux. If you are only monitoring files on Linux it may work. But *.sh files cannot be executed without execute permission. 

If this reply helps you, an upvote and "Accept as Solution" is appreciated.

pc1
Path Finder

Do you know how to give them execute permission? I now see that the few things I enabled in inputs.conf are .sh - and when checking index=_internal I can see that for each of them it says permission denied (Hence why nothing was showing up in the first place and I thought the add-on wouldn't work at all)

Alternatively, if I can't use the .sh monitoring inputs, do you know what else is available from the add-on that would be useful?


venkatasri
SplunkTrust

@pc1 Technically, your Linux machines are phoning home to the Deployment Server (DS) installed on Windows OS. As long as they are able to connect to the DS and you have the Linux add-on whitelisted to the Linux machines using serverclass.conf, all should work fine.

The Linux add-on on the Windows DS is not actually collecting anything on Windows; rather, it's just acting as an app/add-on repository to distribute to your Linux/other forwarders. If your set-up is right, it shouldn't be a problem. What's the exact issue?


pc1
Path Finder

You're correct, it does work. It took me a while to find, through checking index=_internal, that the inputs that I enabled were receiving permission denied when trying to run on the forwarder. According to another post above - .sh inputs won't necessarily work easily (which are like the top 4 that I enabled to test out at the top of the inputs.conf file). So it was "working" the whole time, just receiving errors for those specific inputs.

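The permission-denied errors discussed in this thread can be checked directly on a forwarder. The following is an added example, not part of the original posts and not Splunk's own tooling: it lists the enabled `script://` inputs of a deployed app whose target file exists but has no execute bit. The app directory argument, the function names and the sample layout are assumptions constructed for illustration.

```shell
# Added example (not from the thread). APP_DIR is the deployed app's directory
# on the forwarder; function names and the sample layout are constructed.
# Print enabled [script://...] stanzas; local/inputs.conf overrides default/.
enabled_script_stanzas() {
    app=$1; set --
    for f in "$app/default/inputs.conf" "$app/local/inputs.conf"; do
        if [ -f "$f" ]; then set -- "$@" "$f"; fi
    done
    [ $# -gt 0 ] || return 0
    awk '
        /^[ \t]*\[/ {                                  # stanza header
            gsub(/^[ \t]*\[|\][ \t\r]*$/, "")
            cur = ($0 ~ /^script:\/\//) ? $0 : ""
            if (cur != "" && !(cur in off)) { off[cur] = 0; order[++n] = cur }
            next
        }
        cur != "" && /^[ \t]*disabled[ \t]*=/ {        # later file wins
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t\r]+$/, "", v)
            off[cur] = (v == "1" || tolower(v) == "true")
        }
        END { for (i = 1; i <= n; i++) if (!off[order[i]]) print order[i] }
    ' "$@"
}

# Print each enabled scripted input that exists but is not executable.
nonexec_inputs() {
    app=$1
    enabled_script_stanzas "$app" | while IFS= read -r stanza; do
        path=${stanza#script://}
        case $path in
            ./*) path=$app/${path#./} ;;   # relative to the app directory
            /*)  ;;                        # absolute path, use as-is
            *)   continue ;;               # other forms are skipped here
        esac
        if [ -f "$path" ] && [ ! -x "$path" ]; then printf '%s\n' "$path"; fi
    done
}

# Constructed sample app: collect_a.sh is enabled in local/ but mode 0644.
make_sample_app() {
    d=$(mktemp -d) && mkdir "$d/default" "$d/local" "$d/bin" || return 1
    printf '%s\n' '[script://./bin/collect_a.sh]' 'disabled = 1' \
        '[script://./bin/collect_b.sh]' 'disabled = 0' \
        '[monitor:///var/log]' 'disabled = 0' > "$d/default/inputs.conf"
    printf '%s\n' '[script://./bin/collect_a.sh]' 'disabled = false' > "$d/local/inputs.conf"
    : > "$d/bin/collect_a.sh"; : > "$d/bin/collect_b.sh"
    chmod 644 "$d/bin/collect_a.sh"; chmod 755 "$d/bin/collect_b.sh"
    printf '%s\n' "$d"
}
```

Call `nonexec_inputs` with the add-on's directory on the forwarder; running `chmod u+x` on a reported path sets the missing bit on that host.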