Platform and hardware requirements
Hardware and operating system requirements
The Splunk Add-on for Unix and Linux installs on Splunk instances that run on many versions of Unix, including Linux, Solaris, AIX, and HP/UX.
Distributed installation of this add-on
This table provides a reference for installing the add-on onto a distributed deployment of Splunk Enterprise.
| Splunk instance type | Supported | Required | Comments |
|---|---|---|---|
| Search Heads | Yes | Yes | If you want *nix data from a host that acts as a search head, install the add-on there. The host must run a supported version of *nix. You can configure the add-on through Splunk Web or the setup.sh command line interface. If you install splunk_TA_nix on forwarders, you must also install it on the search heads on which you have installed splunk_app_for_nix.
|
| Indexers | Yes | Yes | The host must run a supported version of *nix. You can configure the add-on through Splunk Web or the setup.sh command line interface. If you install splunk_TA_nix on forwarders, you must also install it on the indexers on which you have installed splunk_app_for_nix.
|
| Heavy Forwarders | Yes | No | The host must run a supported version of *nix. |
| Universal Forwarders | Yes | Yes | You must install the add-on into a universal forwarder on a host to get data from that host. The host must run a supported version of *nix. You must perform all configuration through the setup.sh command line interface.
|
| Light Forwarders | Yes | No | The host must run a supported version of *nix. |
Distributed deployment compatibility
This table provides a quick reference for the compatibility of this add-on with Splunk distributed deployment features.
| Distributed deployment feature | Supported | Comments |
|---|---|---|
| Search Head Clusters | Yes | |
| Indexer Clusters | Yes | To get data from an indexer cluster member, install the add-on into that member. |
| Deployment Server | Yes | You can deploy the add-on to indexers, forwarders, and search heads. |
Official support
The Splunk Add-on for Unix and Linux supports most versions of *nix that appear in the Unix operating systems section of the Splunk Enterprise Installation Manual. Here is the list of the exceptions: Solaris 10, Solaris 11 and RHEL 7.
What other items does the add-on require?
The Splunk Add-on for Unix and Linux requires the sysstat software package to function properly. You can download the sysstat utilities from the sysstat utilities download page or from your local package repository (depending on the version of *nix your host runs.)
On RHEL 7 and CentOS 7, the Splunk Add-on for Unix and Linux requires the net-tools software package to function properly. You can install the net-tools utilities from the OS' package repository using the command "sudo yum install net-tools".
What versions of Splunk do the app and add-on support?
All instances of Splunk Enterprise in a Splunk for Unix and Linux deployment must run version 5.0 or later.
Download the correct version for your architecture and platform.
| How to get support and find more information about Splunk | What data the Splunk Add-on for Unix and Linux collects |
This documentation applies to the following versions of Splunk® Add-on for Unix and Linux (Legacy): 5.2.4
Download manual
Feedback submitted, thanks!