Getting Data In

Splunk Add-On for Linux Compatability

pc1
Path Finder

I am using the Splunk Add-On for Linux on my deployment server (which is a windows server) and trying to use this to collect data from my linux machines that have the universal forwarder connected to my deployment server. I was curious if anyone knows if this is because that add-on isn't compatible - because the server hosting it is Windows? (even though its being deployed to Linux machines). If this is the case - is there any easy work around other than creating another deployment server that is Linux for deploying to my Linux machines?

Labels (3)
0 Karma
1 Solution

isoutamo
SplunkTrust
SplunkTrust

Hi

Splunk don't support DS on windows to manage linux/unix clients, only windows nodes can used as clients on that case. You can see the reason for that on above messages.

If you want this to work you must transfer you DS to linux host to handle this. Fortunately DS server on linux can handle also Windows clients, so no need for two DS servers.

r. Ismo

View solution in original post

scelikok
SplunkTrust
SplunkTrust

Unfortunately, I don't know any workaround since Windows does not support it.

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

Splunk don't support DS on windows to manage linux/unix clients, only windows nodes can used as clients on that case. You can see the reason for that on above messages.

If you want this to work you must transfer you DS to linux host to handle this. Fortunately DS server on linux can handle also Windows clients, so no need for two DS servers.

r. Ismo

scelikok
SplunkTrust
SplunkTrust

Since Windows cannot manage execute permissions, modular inputs will not run on Linux. If you are only monitoring files on Linux it may work. But *.sh files cannot be executed without execute permission. 

If this reply helps you an upvote and "Accept as Solution" is appreciated.

pc1
Path Finder

Do you know how to give them execute permission? I now see that the few things I enabled in inputs.conf are .sh - and when checking index=_internal I can see that for each of them it says permission denied (Hence why nothing was showing up in the first place and I thought the add-on wouldn't work at all)

Alternatively, if I can't use the .sh monitoring inputs, do you know what else is available from the add-on that would be useful?

0 Karma

venkatasri
SplunkTrust
SplunkTrust

@pc1 Technically your linux machines are phonehome to Deployment Server (DS) installed on Windows OS. As long as they are able to connect to DS and you have the Linux add-on whitelisted to Linux machine using serverclass.conf all should work fine.

Linux Add-on on Windows DS not actually collecting anything on windows rather its just acting as app/add-on repository for your linux/other forwarders to distribute, if your set-up is right shouldn't be a problem. What's the exact issue?

0 Karma

pc1
Path Finder

You're correct, it does work. It took me a while to found the inputs that I enabled were receiving permission denied when trying to run on the forwarder through checking index=_internal. According to another post above -  .sh inputs won't necessarily work easily (which are like the top 4 that I enabled to test out at the top of the inputs.conf file). So it was "working" the whole time, just receiving errors for those specific inputs. 

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...