Installation
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Where to install an app?

bkcarter
Path Finder
‎03-28-2013 03:39 PM

One of the challenges I am finding with Splunk is WHERE to install the different pieces. I have an environment with Indexer, Search Heads, multiple forwarders of various types including Universal Forwarders. Where would this app Splunk for Unix/Linux) be installed at? Search Head? Indexer? All of the above? Please clarify for me. Thanks

Tags (1)
Reply

BobM
Builder
‎03-28-2013 04:00 PM

The simple answer is the main app "Splunk for Unix and Linux" goes on the search head and "Splunk for Unix and Linux technology add-on" goes on the indexers and any forwarders collecting Unix/Linux data.

Reply

malmoore
Splunk Employee
Splunk Employee
‎03-28-2013 09:01 PM

Hi Bkcarter (and sowings):

We're updating the Unix app documentation to help reduce confusion and the presumption that Unix App users will automatically know where everything goes. The next version of the Unix App docs will have extensive information on how to deploy the app in distributed environments, cross-platform compatibility, and more. This version will initially get deployment location info.

While we can't possibly document every potential use case for these apps and add-ons, your feedback helps us ensure that the most relevant ones have representation.

0 Karma
Reply

sowings
Splunk Employee
Splunk Employee
‎03-28-2013 08:18 PM

And the Windows app complains when it's run on a Linux search head! You can safely ignore that error (and rest assured that it's going away when the apps are updated).

The general rule is that a "Technology Add-On" may contain rules for parsing and / or data collection, and will therefore need to go on non search head machines (that would include indexers and forwarders, such as user desktops).

The app itself will search against the data collected by the TA to provide meaning from the content.

The application README should (hopefully) spell this out.

0 Karma
Reply

bkcarter
Path Finder
‎03-28-2013 08:03 PM

Thank you. I can find a lot of documentation on Apps and add-ons, but I have yet to see something that explains what should go where and why. One of the challenges with Splunk is that it is so flexible, and all of the documentation just assumes that you know where everything goes.

So my Search Head is a Windows machine and my Indexer is Linux. When I install the app on the Head it complains that it is not a Linux box. This confuses me even more.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...