Splunk Enterprise

Not getting events from sourcetype Unix:Uptime from Splunk Add-On from unix and linux (uptime.sh)

mayankrojo
Explorer

Hello,

I am not getting events from the uptime.sh which gives system date and uptime information via the shell command. This script is a part of Splunk Add-On for Unix and Linux which is installed on the universal forwarder. I am getting data from other inputs like cpu.sh, vmstat.sh, df.sh etc...but not only from uptime.sh. I check the disabled is also set to false and in sync with other stanzas like the stanzas of cpu,vmstat etc. Any insights into if I am missing anything?

 

Labels (2)
0 Karma

SinghK
Builder

Check the bin folder see if there any scripts which have different permissions than those of working ones.

0 Karma

isoutamo
SplunkTrust
SplunkTrust

You should try to run this script as user which are running UF client. Also try it with splunk cmd …../path/to/script. Then if/when needed fix reported errors.

0 Karma

mayankrojo
Explorer

I am getting the data when i run the uptime.sh script from command line. But I am not getting the data in Splunk.

0 Karma

isoutamo
SplunkTrust
SplunkTrust

If you are run it with "splunk" user and with command 

/opt/splunkforward/splunk/bin/splunk cmd /path/to/script/uptime.sh

And get answer then it should works.

Have you gotten anything into _internal logs on that client? Check also local log files under ..../splunk/var/log/splunk

r. Ismo 

0 Karma

mayankrojo
Explorer

I checked with the permissions of the script in the default folder. It is exactly the same like others.

0 Karma
Get Updates on the Splunk Community!

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...

New Dates, New City: Save the Date for .conf25!

Wake up, babe! New .conf25 dates AND location just dropped!! That's right, this year, .conf25 is taking place ...

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...