Hello,
We have 90 AIX/Unix servers. We are planning to implement Splunk on them. Right now I have 2 to 3 test servers with me. Can you please explain to me where to install the Splunk applications, and the step-by-step procedure? For example:
ser1 - Splunk app (server)
ser2 - Splunk forwarder with add-on (client1)
ser3 - Splunk forwarder with add-on (client2)
If the above is correct, could you please explain the step-by-step procedure to deploy Splunk for system monitoring?
For details about the deployment, see:
http://docs.splunk.com/Documentation/UnixApp/5.1TA/User/AbouttheSplunkTechnicalAdd-on%28TA%29forUnix...
For the Unix app, you need:
The "Splunk App for Unix and Linux" on the search head (for the dashboards).
Download here: https://apps.splunk.com/app/273/
The "Splunk Add-on for Unix and Linux" on the indexers (for the indexes and sourcetype definitions), and on the forwarders (for the monitoring inputs and scripts).
Download here: https://apps.splunk.com/app/833
The extra step will be to preconfigure the add-on to enable the inputs you want before deploying it to the forwarders.
I recommend using a full standalone Splunk install: install the add-on and enable the inputs using the UI. Then, once satisfied, use this configured app (the modified settings must be in the $SPLUNK_HOME/etc/apps/appname/local/ folder if you want to check).
If you have a large number of Unix forwarders to monitor, you may want to use the deployment-server to deploy the preconfigured app at once.
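The "if you want to check" step above can be scripted before the preconfigured app is handed to the deployment server. This is an added example, not part of the original answer or of Splunk's own tooling: the function name `enabled_inputs`, the helper `write_sample`, and the sample stanzas are assumptions, and the sample file is constructed to stand in for the add-on's local/inputs.conf.

```shell
#!/bin/sh
# Added example (not from the original thread): list the input stanzas that a
# preconfigured add-on's local/inputs.conf explicitly enables, so the set of
# inputs about to be pushed to every forwarder can be reviewed first.

# enabled_inputs FILE -> prints one stanza name per line where disabled is 0/false.
# Only settings written in FILE are considered; a stanza with no "disabled"
# line inherits from the add-on's default/ folder and is not reported here.
enabled_inputs() {
    awk '
        /^[ \t]*#/ { next }                         # skip comment lines
        /^[ \t]*\[.*\][ \t]*$/ {                    # stanza header, e.g. [script://...]
            cur = $0
            sub(/^[ \t]*\[/, "", cur); sub(/\][ \t]*$/, "", cur)
            next
        }
        /^[ \t]*disabled[ \t]*=/ {                  # disabled = <value>
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t\r]*$/, "", val)
            val = tolower(val)
            if (cur != "" && (val == "0" || val == "false")) print cur
        }
    ' "$1"
}

# Constructed sample standing in for $SPLUNK_HOME/etc/apps/appname/local/inputs.conf
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not copied from a real deployment
[script://./bin/cpu.sh]
interval = 30
disabled = 0

[script://./bin/vmstat.sh]
disabled = 1

[monitor:///var/log]
disabled = false
EOF
}

sample="${TMPDIR:-/tmp}/inputs.conf.sample.$$"
write_sample "$sample"
enabled_inputs "$sample"
rm -f "$sample"
```

Point the function at the real local/inputs.conf on the standalone instance and compare the output with the inputs you meant to enable before copying the app for deployment.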