Content Pack for Unix Dashboards and Reports

Content Pack for Unix Dashboards and Reports

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Migrate from the Splunk App for Unix and Linux to the Content Pack for Unix Dashboards and Reports

The Content Pack for Unix Dashboards and Reports replicates the dashboards and reports available in the Splunk App for Unix and Linux. Users of ITSI or IT Essentials Work can migrate from the legacy app to the content pack to take advantage of a consolidated experience. In addition, migrating means you can upgrade all content packs by upgrading the one app, the Splunk App for Content Packs.

On March 13, 2022, the Splunk App for Unix and Linux will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to the Content Pack for Unix Dashboards and Reports.

Migration steps for a cloud environment

For Migration on Cloud, file a ticket to submit a support case through the Splunk Support Portal. Splunk Cloud TechOps will assist you with migration from Splunk App for Unix and Linux to the Content Pack for Unix Dashboards and Reports.

Migration steps for an on-premises standalone or distributed environment

This section explains how to prepare for and execute a successful migration to the Content Pack for Unix Dashboards and Reports.

Migration options

You have two options for migrating to the Content Pack for Content Pack for Unix Dashboards and Reports:

If you choose the option of using the same environment, you must disable the Splunk App for Unix and Linux before installing the Content Pack for Unix Dashboards and Reports. Both the app and content pack use the same knowledge objects with the same definitions, and cannot be on the same search head.

Steps to migrate from Splunk App for Unix and Linux to Content Pack for Unix Dashboards and Reports

Before migrating to Content Pack for Unix Dashboards and Reports, make sure to make a backup of your custom configurations and lookups.

Before you migrate

  1. Make a backup of the following directories present in the splunk_app_for_nix package in the $SPLUNK_HOME/etc/apps directory on each search head:
    1. /local directory which contains all the local configurations under conf files
    2. /lookups directory which contains the CSV lookups
    3. /metadata/local.meta directory which contains the updated permissions for the Knowledge Objects
  2. Take backup from the ui-prefs of splunk_app_for_nix for each user from /opt/splunk/etc/users/.

If you are currently using the Splunk App for Unix and Linux, your deployment might be installed as shown in the following table:

Data collection node Indexer Search head
Splunk Add-on for Unix and Linux
Splunk App for Unix and Linux

You can review the dashboards included in the Content Pack for Unix Dashboards and Reports before you migrate. See Use the Content Pack for Unix Dashboards and Reports. The first option for migrating from the Splunk App for Unix and Linux to the Content Pack for Unix Dashboards and Reports is to disable the Splunk App for Unix and Linux so that the content pack can use the same environment. Failure to first disable the Splunk App for Unix and Linux can cause knowledge object conflicts.

Use the steps below to migrate from Splunk App for Unix and Linux to Content Pack for Unix Dashboards and Reports.

  1. To disable the Splunk App for Unix and Linux, go to Apps > Manage Apps.
  2. Locate the Splunk App for Unix and Linux and select Disable. If the Disable button isn't available, follow these steps:
    1. Stop your Splunk platform deployment. 
      cd $SPLUNK_HOME/bin
./splunk stop
    2. On each of the search heads in your deployment, go to $SPLUNK_HOME/etc/apps/splunk_app_for_nix/local/app.conf. If a local directory does not exist, create one and create an app.conf file and edit the state property of the install stanza as shown: 
      [install]
state = disabled
    3. Start your Splunk platform deployment instance in either of the following ways: 
      cd $SPLUNK_HOME/bin/
./splunk start

      If you do not need to navigate to the directory with a cd command, use the following syntax: 

      $SPLUNK_HOME/bin/splunk start

    After disabling the app, associated dashboards and knowledge objects won't be accessible, and the knowledge objects won't run or perform any action.

  3. Install IT Service Intelligence (ITSI) or IT Essentials Work (ITE Work) on the same search head with Unix or Linux data according to your type of deployment. Refer to these topics in the Splunk IT Service Intelligence Install and Upgrade Manual:
    1. See Install Splunk IT Service Intelligence on a single instance in the ITSI Install and Upgrade Manual.
    2. See Install Splunk IT Service intelligence in a distributed environment in the ITSI Install and Upgrade Manual.
    3. See Install IT Service Intelligence in a search head cluster environment in the ITSI Install and Upgrade Manual.
    4. See Install IT Essentials Work in the ITSI Install manual.
  4. Install the Splunk App for Content Packs according to your type of deployment:
    1. See Install the Splunk App for Content Packs on a single, on-premises environment in the Splunk App for Content Packs Overview of the Splunk App for Content Packs manual.
    2. See Install the Splunk App for Content Packs on a search head cluster environment in the Splunk App for Content Packs Overview of the Splunk App for Content Packs manual.
    3. See Install the Splunk App for Content Packs on a distributed environment in the Splunk App for Content Packs Overview of the Splunk App for Content Packs manual.

When you've completed the steps above, the deployment is installed as shown in the following table:

Data collection node Indexer Search head
Splunk Add-on for Unix and Linux
Splunk App for Unix and Linux Disabled
ITSI or IT Essentials Work
Splunk App for Content Packs

After you migrate

After migrating, perform the following steps on each Search Head in your deployment:

  1. Move the following directories from the App package to the DA-ITSI-CP-unix-dashboards folder that you backed up while going through the prerequisites for migration.
    1. /local directory collected from the app that contains all the local configurations
    2. /lookups directory
    3. /metadata/local.meta directory
  2. Remove the app.conf file from local directory.
  3. Migrate ui-prefs by renaming the folder splunk_app_for_nix to DA-ITSI-CP-unix-dashboards for each user under $SPLUNK_HOME/etc/users/ directory. (Perform this step on each search head if your environment is distributed)

mv $SPLUNK_HOME/etc/users/admin/splunk_app_for_nix $SPLUNK_HOME/etc/users/admin/DA-ITSI-CP-unix-dashboards
  1. Restart the instance.

$SPLUNK_HOME/bin/splunk restart

Install and configure the content pack

You can now install the content pack and make configurations:

  1. Make sure the *nix data collected using Splunk Add-on for Unix and Linux is searchable from the search head where you installed the Splunk App for Content Packs.
  2. Install the Content Pack for Unix Dashboards and Reports. See Install the Content Pack for Unix Dashboards and Reports.
  3. Configure the Content Pack for Unix Dashboards and Reports. See Configure the Content Pack for Unix Dashboards and Reports.

Access the dashboards in the content pack

You can now access the dashboards from the content pack:

  1. In Splunk Web, open ITSI or IT Essentials Work.
  2. From the main navigation bar choose Dashboards > Dashboards.
  3. In the list of dashboards, those with the App name DA-ITSI-CP-unix-dashboards are dashboards from the Content Pack for Unix Dashboards and Reports. Select the dashboard title to open the dashboard.

Configure the Content Pack for Unix Dashboards and Reports in a new environment

The second option for migrating from the Splunk App for Unix and Linux to the Content Pack for Unix Dashboards and Reports is to configure the content pack in a new environment.

To configure the content pack in a new environment, create a test environment and perform the following steps to set up the Content Pack for Unix Dashboards and Reports:

  1. After installing the Splunk App for Content Packs, install the content pack in your test environment. For detailed steps, see Install the Content Pack for Unix Dashboards and Reports.
  2. Once you complete testing the content pack in your test environment, install the content pack in your production environment. For detailed steps, see Install the Content Pack for Unix Dashboards and Reports
  3. Once installation in your production environment is complete, configure the content pack. For detailed steps, see Configure the Content Pack for Unix Dashboards and Reports.
Last modified on 30 August, 2022
PREVIOUS
Install the Content Pack for Unix Dashboards and Reports 		  NEXT
Configure the Content Pack for Unix and Dashboards and Reports

This documentation applies to the following versions of Content Pack for Unix Dashboards and Reports: 1.1.3, 1.1.4, 1.1.5

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters