Other deployment considerations
In many applications, the Splunk Add-on for Unix and Linux installs on a *nix server and collects data from that server. You then use Splunk Web and the Splunk App for Unix and Linux (or another Splunk app) to gain insight into that data.
Additional uses for the add-on
There are additional uses for the app and add-on:
- You can use the add-on to collect *nix data from a number of *nix hosts by installing a universal forwarder on each host and deploying the app to those forwarders. After each forwarder receives the add-on, you can then forward the data to a receiving indexer that runs the full app. See Deploy the Splunk App-on for Unix and Linux in a distributed Splunk environment for additional information and instructions.
- You can also install the add-on on an indexer to provide data inputs for another app on that indexer, such as Splunk Enterprise Security.
- If you install the Splunk App for Unix and Linux in a distributed environment and have configured the search heads in that environment to send data to the indexers, you might need to deploy the
indexes.conffile that comes with the Splunk Supporting Add-on for Unix and Linux component (
SA-nix/default/indexes.conf) onto your indexers to ensure that the
unix_summarysummary index is available. Failure to do so might cause issues with alerts for the app, as alerts use this special index.
What data the Splunk Add-on for Unix and Linux collects
What a Splunk App for Unix and Linux deployment looks like
This documentation applies to the following versions of Splunk® Add-on for Unix and Linux: 5.1.0, 5.1.1, 5.1.2, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4