Splunk® App for Unix and Linux (Legacy)

Install and Use the Splunk App for Unix and Linux

Acrobat logo Download manual as PDF


On March 13, 2022, the Splunk App for Unix and Linux will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app has migrated to a content pack in Data Integrations. Learn about the Content Pack for Unix Dashboards and Reports.The Splunk Add-on for Unix and Linux remains supported.
This documentation does not apply to the most recent version of Splunk® App for Unix and Linux (Legacy). For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Release notes

This topic contains information on new features, known issues, and updates as we version the Splunk App for Unix and Linux.

What's new

Here's what's new in the latest version of the Splunk App for Unix and Linux:

Publication date Defect number Description
2015-11-13 N/A Bug fixes.
2015-11-13 TAG-9619 The app now has support for search head clusters.

Current known issues

The Splunk App for Unix and Linux has the following known issues:

Publication date Defect number Description
2016-2-29 TAG-10770 When you upgrade to Splunk Enterprise 6.3.3 or later, Splunk Enterprise generates the following messages on startup:

Invalid key in stanza [ui] in /opt/splunk/etc/apps/splunk_app_for_nix/default/app.conf, line 15: attribution_link (value: app.attributions). Your indexes and inputs configurations are not internally consistent. For more information, run 'splunk btool check --debug'

These messages can be safely ignored.

2015-11-13 TAG-9506 When you switch to the app, sometimes the system bar appears as it did in Splunk Enterprise version 5 or earlier.
2015-11-13 TAG-9620 Search head clusters do not replicate some of the lookup tables for the app.
2015-11-13 TAG-9872 On Splunk Cloud instances, you cannot add data during the first-time run experience.
2015-9-21 TAG-9872 On a Splunk Cloud instance, the app does not let you add new sources during the first-time run if there are no preexisting sources.
2015-9-21 TAG-9577 A configuration problem with the Splunk Supporting Add-on for Unix and Linux could cause reduced indexing performance if you install it on indexers. To avoid this issue, follow the updated documentation on installing the add-on.
2015-9-21 TAG-9313 The "Home" and "Metrics" views sometimes do not display any data. To work around the problem, edit web.conf on the Splunk Enterprise instance that runs the app and add the following section: 
[settings]
minify_js = True
2015-9-21 TAG-9210 The "Recent Headlines" page only displays one host for an alert, even if there are multiple hosts for an alert.
2015-9-21 TAG-4262 On Mac OS X systems, all scripted inputs fail on directories whose names contain spaces.
Before 2015-9-21 None On HP/UX systems, there is no way to obtain the number of threads on a system. This means that the vmstat scripted inputs will always return "?" for threads columns on HP/UX.
2015-9-21 TAG-4261 On Solaris systems, the hardware.sh scripted input sometimes returns empty values for some entries.
2015-9-21 TAG-4211 The Splunk Add-on for Unix and Linux collects system audit log data twice by default.

Change Log (what's been fixed)

Publication date Defect number Description
2015-11-13 TAG-9619 The app now has support for search head clusters.
Last modified on 27 February, 2016
PREVIOUS
Search macros 		  NEXT
Third-party software attributions/credits

This documentation applies to the following versions of Splunk® App for Unix and Linux (Legacy): 5.1.0

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters