Not getting events from sourcetype Unix:Uptime fro...

mayankrojo · ‎01-11-2022

Hello,

I am not getting events from the uptime.sh which gives system date and uptime information via the shell command. This script is a part of Splunk Add-On for Unix and Linux which is installed on the universal forwarder. I am getting data from other inputs like cpu.sh, vmstat.sh, df.sh etc...but not only from uptime.sh. I check the disabled is also set to false and in sync with other stanzas like the stanzas of cpu,vmstat etc. Any insights into if I am missing anything?

SinghK · ‎01-11-2022

Check the bin folder see if there any scripts which have different permissions than those of working ones.

isoutamo · ‎01-11-2022

You should try to run this script as user which are running UF client. Also try it with splunk cmd …../path/to/script. Then if/when needed fix reported errors.

mayankrojo · ‎01-11-2022

I am getting the data when i run the uptime.sh script from command line. But I am not getting the data in Splunk.

isoutamo · ‎01-12-2022

If you are run it with "splunk" user and with command

/opt/splunkforward/splunk/bin/splunk cmd /path/to/script/uptime.sh

And get answer then it should works.

Have you gotten anything into _internal logs on that client? Check also local log files under ..../splunk/var/log/splunk

r. Ismo

mayankrojo · ‎01-11-2022

I checked with the permissions of the script in the default folder. It is exactly the same like others.

Not getting events from sourcetype Unix:Uptime from Splunk Add-On from unix and linux (uptime.sh)

troubleshooting

using Splunk Enterprise

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)