Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to set up "Splunk Add-on for Unix and Linux" on SH for ingested data from UF

ojay
Path Finder
‎05-15-2021 05:36 AM

Hi all,

I am really new to this so please bear with me.

I have a Indexer cluster , SH and a DS and one server where the UF is sending data to the indexers.

It is recommended to install the  "Splunk Add-on for Unix and Linux" on on the SH right?

Now how do I configure it there. I  chose the File and directory input but I only get error messages for the scripted metrics and events inputs. and I can not pick the Index.

"Search produced no results." is the error message in the UI.

I'm confused.

Can someone please help me with this?

Thank you so much,

Oj.

Labels (1)
Labels
0 Karma
Reply

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎05-15-2021 06:11 AM

@ojay 

For ingested data, it is just required to install Add-on on SH , it is not required to configure on SH. The purpose of installing on SH is for search time extractions of ingested data. 

 

Screenshot 2021-05-15 at 6.39.07 PM.png

Please go through this link for more info.

https://docs.splunk.com/Documentation/AddOns/released/UnixLinux/Install

 

Thanks
KV
▄︻̷̿┻̿═━一

If this reply helps you, an upvote would be appreciated.

0 Karma
Reply

ojay
Path Finder
‎05-15-2021 06:49 AM

Thanks for the quick response!

So it is required on the indexers. I will install it indexer cluster using the master node.

But then what? Do I need to install it on the UF? I dont find the "comments" useful in the UF section.

And also from where do I configure it then? most probably not from the index cluster right?

Best,

O.

0 Karma
Reply

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎05-16-2021 07:28 AM

@ojay 

The Splunk Add-on for Unix and Linux allows a Splunk software administrator to collect *nix data from *nix hosts. Install the Splunk Add-on for Unix and Linux on a forwarder to send data from any number of *nix hosts to a Splunk Enterprise indexer or group of indexers.

Here,

hosts are the machine from where you want to collect data.

forwarder can be UF or HFs, which will be installed on hosts (the machine from where you want to collect data)   as per your requirement which will send data to group of indexer(s) Or indexer Cluster.  Here you need to install Splunk Add-on for Unix and Linux addon and need to configure (enable) for data collection. 

Indexer you need to install Splunk Add-on for Unix and Linux on indexer also for event parsing and ingest. 

SH you need to install Splunk Add-on for Unix and Linux on SH also for Search time extractions.

 

https://docs.splunk.com/Documentation/AddOns/released/UnixLinux/About

 

Your Answers:

You can find the comments column in link. looks like below image.

Screenshot 2021-05-16 at 7.23.54 PM.png

For configuration, please check this. You will find your most of the answers.

https://docs.splunk.com/Documentation/AddOns/released/UnixLinux/Enabledataandscriptedinputs

Where to Install addon. 

https://docs.splunk.com/Documentation/AddOns/released/Overview/Wheretoinstall

 

I hope you will get your solution, you can ask in case.

 

Thanks
KV
▄︻̷̿┻̿═━一

If this reply helps you, an upvote would be appreciated.

 

0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...