Splunk® App for Unix and Linux (Legacy)

Install and Use the Splunk App for Unix and Linux

On March 13, 2022, the Splunk App for Unix and Linux will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app has migrated to a content pack in Data Integrations. Learn about the Content Pack for Unix Dashboards and Reports. The Splunk Add-on for Unix and Linux remains supported.
This documentation does not apply to the most recent version of Splunk® App for Unix and Linux (Legacy). For documentation on the most recent version, go to the latest release.

Configuration

This topic explains what happens when you activate the app after installing it on your Splunk instance. It shows you how to enable or disable the inputs that come with the app, and can be used as a reference.

New for version 4.6, you can configure the Splunk App for Unix and Linux directly from the command line. For specific instructions on how to do so, read "Configure from the command line" later in this topic.

You can use Splunk Manager, the Splunk CLI, or Splunk configuration files to enable, disable, or edit configurations for the Splunk for Unix and Linux app and add-on.

Navigating to the Setup Page

When you access the app as a Splunk admin, you can always click on the Setup link on the far right of the app's main navigation to access the setup page.

App Setup Notification

Additionally, when you access the app for the first time, you will see a dialog box like the following:

[Image: app setup notification dialog box]

If you are a Splunk admin, this dialog box indicates that you need to configure the app before it can begin gathering information about your system.

If you are a Splunk user but not a Splunk admin, this dialog box will allow you to ignore this warning when you visit the app again. Make sure that you report to your Splunk admin that the app might require additional configuration.

Note: Splunk Manager will no longer display a setup link for this app. Setup and notification now occur in the main content of the app rather than in Manager.

Configure from within Splunk Web

To configure the Splunk App for Unix and Linux:

1. Navigate to the Setup page, either by clicking Configure from the app setup notification dialog box or by clicking Setup on the app's main navigation.

2. Select the file and directory inputs that you want to enable for the app. Or, click (All) next to the Enable column to enable all of the inputs.

3. Select the scripted inputs that you want to enable for the app. Or, click (All) next to the Enable column to enable them all.

4. Optionally, you can change the intervals at which enabled scripted inputs are triggered. Do this by typing in a number, in seconds, in the entry box for the desired scripted input.

  • For example, if you want the hardware.sh scripted input to run more often than the default of once every 36000 seconds (10 hours), then select that input's entry box and type in the desired interval.

5. Once you are satisfied with the configuration of the inputs, save the configuration by clicking Save.

6. On the Splunk *nix App Setup Success page, click OK to be taken to the app's home page.

Configure from the command line

To configure the Splunk App for Unix and Linux from the command line, use the setup.sh command:

$SPLUNK_HOME/bin/splunk cmd $SPLUNK_HOME/etc/apps/unix/bin/setup.sh

Usage

setup.sh has the following arguments:

       (no argument)   menu-based setup
       --auth          credentials (user:pass) for specified command
       --clone-all     clone input configuration from local to remote
       --disable-all   disable all inputs
       --disable-input input to be disabled
       --enable-all    enable all inputs
       --enable-input  input to be enabled
       --help          print usage and exit
       --install-app   install the app at the given location
       --interval      set input to given interval
       --list-all      show details all inputs
       --list-input    show details for input
       --usage, --?    print usage and exit
       --uri           remote uri (https://host:port) to use

Examples

To set cpu.sh interval to 120 seconds (with auth prompt):

           setup.sh --interval cpu.sh 120

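To disable all local inputs (with no auth prompt; credentials given to --auth on the command line end up in shell history and are visible in the process list while the command runs):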

           setup.sh --disable-all --auth admin:changeme1

To show input status on remote host foobar:

           setup.sh --list-all --uri https://foobar:8089

To update the unix app from your-server on the remote host foobar:

           setup.sh --install-app https://your-server/unix.spl --uri https://foobar:8089

To copy the local input configuration to the remote host foobar:

           setup.sh --clone-all --uri https://foobar:8089
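
The enabled state and interval that setup.sh changes can also be reviewed straight from the configuration files, which is useful when auditing what scripts a host is set to run. The following is an added example, not part of the app or of the original documentation. It assumes the standard Splunk inputs.conf layout ([script://...] stanzas with interval and disabled keys, with local/inputs.conf overriding default/inputs.conf); the function names and the sample files are constructed for illustration.

```sh
# Added example, not part of the app. Prints "<stanza> <enabled|disabled> <interval>" for
# each [script://...] stanza. Later files override earlier ones: pass default first, local last.
list_script_inputs() {
    awk '
        FNR == 1 { stanza = "" }                       # no stanza carries over between files
        /^[ \t]*#/ || /^[ \t]*$/ { next }              # skip comments and blank lines
        /^[ \t]*\[/ {                                  # stanza header
            stanza = $0; sub(/^[ \t]*\[/, "", stanza); sub(/\][ \t]*$/, "", stanza)
            if (stanza ~ /^script:/ && !(stanza in seen)) { seen[stanza] = 1; order[++n] = stanza }
            next
        }
        stanza ~ /^script:/ && (eq = index($0, "=")) { # key = value inside a scripted input
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "interval") interval[stanza] = val
            if (key == "disabled") disabled[stanza] = tolower(val)
        }
        END {
            for (i = 1; i <= n; i++) {
                s = order[i]; iv = (s in interval) ? interval[s] : "-"
                state = (disabled[s] == "1" || disabled[s] == "true") ? "disabled" : "enabled"
                printf "%s %s %s\n", s, state, iv
            }
        }
    ' "$@"
}

# Constructed sample files (not the configuration shipped with the app).
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/default.conf" <<'EOF'
[script://./bin/cpu.sh]
interval = 30
disabled = 1
[script://./bin/hardware.sh]
interval = 36000
disabled = 1
[monitor:///var/log]
disabled = 1
EOF
    cat > "$d/local.conf" <<'EOF'
[script://./bin/cpu.sh]
interval = 120
disabled = 0
EOF
    list_script_inputs "$d/default.conf" "$d/local.conf"
    rm -rf "$d"
}
demo
```

On a real installation, pass the app's default/inputs.conf followed by its local/inputs.conf under $SPLUNK_HOME/etc/apps/unix (assumed standard app layout).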
Last modified on 06 September, 2012

This documentation applies to the following versions of Splunk® App for Unix and Linux (Legacy): 4.6

