Not getting events from sourcetype Unix:Uptime fro...

mayankrojo · ‎01-11-2022

Hello,

I am not getting events from the uptime.sh which gives system date and uptime information via the shell command. This script is a part of Splunk Add-On for Unix and Linux which is installed on the universal forwarder. I am getting data from other inputs like cpu.sh, vmstat.sh, df.sh etc...but not only from uptime.sh. I check the disabled is also set to false and in sync with other stanzas like the stanzas of cpu,vmstat etc. Any insights into if I am missing anything?

SinghK · ‎01-11-2022

Check the bin folder see if there any scripts which have different permissions than those of working ones.

isoutamo · ‎01-11-2022

You should try to run this script as user which are running UF client. Also try it with splunk cmd …../path/to/script. Then if/when needed fix reported errors.

mayankrojo · ‎01-11-2022

I am getting the data when i run the uptime.sh script from command line. But I am not getting the data in Splunk.

isoutamo · ‎01-12-2022

If you are run it with "splunk" user and with command

/opt/splunkforward/splunk/bin/splunk cmd /path/to/script/uptime.sh

And get answer then it should works.

Have you gotten anything into _internal logs on that client? Check also local log files under ..../splunk/var/log/splunk

r. Ismo

mayankrojo · ‎01-11-2022

I checked with the permissions of the script in the default folder. It is exactly the same like others.

Not getting events from sourcetype Unix:Uptime from Splunk Add-On from unix and linux (uptime.sh)

troubleshooting

using Splunk Enterprise

.conf25 Registration is OPEN!

Detecting Cross-Channel Fraud with Splunk

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Are you a member of the Splunk Community?