Install the Splunk Add-on for Linux
- Get the Splunk Add-on for Linux by downloading it from https://splunkbase.splunk.com/app/3412 or browsing to it using the app browser within Splunk Web.
- Determine where and how to install this add-on in your deployment, using the tables on this page.
- Perform any prerequisite steps before installing, if required and specified in the tables on this page.
- Complete your installation.
If you need step-by-step instructions on how to install an add-on in your specific deployment environment, see the installation walkthroughs section at the bottom of this page for links to installation instructions specific to a single-instance deployment, distributed deployment, Splunk Cloud, or Splunk Light.
Distributed deployments
Use the tables on this page to determine where and how to install this add-on in a distributed deployment of Splunk Enterprise or any deployment for which you are using forwarders to get your data in. Depending on your environment, your preferences, and the requirements of the add-on, you may need to install the add-on in multiple places.
Where to install this add-on
All supported add-ons can be safely installed to all tiers of a distributed Splunk platform deployment. See Where to install Splunk add-ons in Splunk Add-ons for more information.
This table provides a reference for installing this specific add-on to a distributed deployment of Splunk Enterprise:
| Splunk platform instance type | Supported | Required | Actions required / Comments | |
|---|---|---|---|---|
| Search heads | Yes | Yes | Install this add-on to all search heads where Linux knowledge management is required. | |
| Indexers | Yes | Conditional | Not required if you use heavy forwarders to collect data because the parsing operations occur on the heavy forwarders. Required if you use universal or light forwarders to collect data. | |
| Heavy forwarders | Yes | Conditional | This add-on supports forwarders of any type for data collection. Not required if you use universal/light forwarders to collect data. Required if you use heavy forwarders to collect data. | |
| Universal forwarders | ||||
| Light forwarders |
Distributed deployment feature compatibility
This table describes the compatibility of this add-on with Splunk distributed deployment features:
| Distributed deployment feature | Supported | Actions required |
|---|---|---|
| Search head clusters | Yes | Disable add-on visibility on search heads. You can install this add-on on a search head cluster for all search-time functionality, but configure inputs on forwarders to avoid duplicate data collection. Before installing this add-on to a cluster, make the following changes to the add-on package: 1. Remove the eventgen.conf file and all files in the samples folder.
|
| Indexer Clusters | Yes | Before installing this add-on to a cluster, make the following changes to the add-on package: 1. Remove the eventgen.conf file and all files in the samples folder.
|
| Deployment Server | No | Supported for deploying unconfigured add-ons only.
Using a deployment server to deploy the configured add-on to multiple forwarders acting as data collectors causes data duplication. The add-on uses the credential vault to secure your credentials, and this credential management solution is incompatible with the deployment server. |
Installation walkthroughs
The Splunk Add-Ons manual includes an Installing add-ons guide that helps you successfully install any Splunk-supported add-on to your Splunk platform.
For a walkthrough of the installation procedure, follow the link that matches your deployment scenario:
| Installation and configuration overview for the Splunk Add-on for Linux | Configure CollectD to send data to the Splunk Add-on for Linux |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Download manual
Feedback submitted, thanks!