I am having a problem with my Splunk environment and resource allocation. I’ve been using the *nix app that someone loaded on my Search Head a long time ago to try and analyze what’s going on. It was version 4.5. From what I’ve read, there is a newer, better version of the app called “Splunk App for Unix”. From the documentation I read that I can’t do an update from 4.5 to 5.0.1, but I can run them both in parallel, point the new version to the newer data to get historical data and then kill 4.5 when I’m done.
I loaded version 5.0.1, but I’m having multiple issues with the app.
First, when I go to the “Metrics” page, I’m seeing multiple entries for the name of my Search Head. How and what do I reconfigure to clean this up?
Second, when I select “Select All” under “Host Filter”, in the “Metrics Viewer” side of the page, the time frame only goes to “Last 24 Hours”. Also, only data for 1 server shows data although I have 3 listed.
Under “Settings” I reset “Unix index(es)” by adding “index=main”. But that didn’t help at all. Is it possible to reset this to whatever index the *nix version 4.5 kept its data in? And what would that be?
~Ed