We have 90 AIX/Unix servers. We are planning to implement Splunk on them. Right now I have 2 to 3 test servers with me. Can you please explain to me where to install the Splunk applications, and the step-by-step procedure? For example:

ser1 - Splunk app (server)
ser2 - Splunk forwarder with add-on (client1)
ser3 - Splunk forwarder with add-on (client2)

If the above is correct, could you please explain the step-by-step procedure to deploy Splunk for system monitoring?
the "Splunk Add-on for Unix and Linux" on the indexers (for the indexes and sourcetype definitions), and on the forwarders (for the monitoring inputs and scripts)
Download here: https://apps.splunk.com/app/833
The extra step will be to preconfigure the add-on to enable the inputs you want before deploying it to the forwarders.
I recommend using a full standalone Splunk install, installing the add-on, and enabling the inputs using the UI. Then, once satisfied, use this configured app (the modified settings must be in the $SPLUNK_HOME/etc/apps/appname/local/ folder, if you want to check).
If you have a large number of Unix forwarders to monitor, you may want to use the deployment-server to deploy the preconfigured app at once.
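As an added illustration of the workflow in the answer above (example code, not from the original post or from the add-on itself), this POSIX sh script writes the kind of local/inputs.conf that the UI produces when you enable inputs on the standalone install, lists which inputs are actually enabled so you can verify the app before pushing it, and stages the app under the deployment server's deployment-apps directory. The app folder name Splunk_TA_nix and the stanza names are assumptions based on the add-on's default inputs.

```shell
#!/bin/sh
# Assumptions (illustrative): the add-on unpacks to an app folder named Splunk_TA_nix,
# and the stanza names below match entries in its default/inputs.conf.

# Write a local/inputs.conf that turns on a few of the add-on's inputs. This is a
# constructed sample of what the UI stores under $SPLUNK_HOME/etc/apps/<app>/local/.
write_sample_local_inputs() {
  app="$1"
  mkdir -p "$app/local"
  cat > "$app/local/inputs.conf" <<'EOF'
[script://./bin/cpu.sh]
disabled = 0
interval = 30

[script://./bin/df.sh]
disabled = 0
interval = 300

[script://./bin/vmstat.sh]
disabled = 1

[monitor:///var/log]
disabled = 0
EOF
}

# Print the stanza name of every input in an inputs.conf that carries "disabled = 0",
# so you can confirm exactly what the forwarders will start collecting.
enabled_inputs() {
  awk '
    /^\[/ { stanza = substr($0, 2, length($0) - 2); next }
    /^[ \t]*disabled[ \t]*=[ \t]*0[ \t]*$/ { print stanza }
  ' "$1"
}

# Copy the preconfigured app into the deployment server's deployment-apps directory
# (the place the deployment server serves apps from) and return the enabled-input count.
stage_for_deployment() {
  app="$1"; deploy_dir="$2"
  mkdir -p "$deploy_dir"
  cp -R "$app" "$deploy_dir/"
  enabled_inputs "$deploy_dir/$(basename "$app")/local/inputs.conf" | wc -l | tr -d ' '
}
```

Run it against a scratch copy of the app first; the count and stanza list returned by enabled_inputs are what you should compare against the inputs you enabled in the UI.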