Enable data and scripted inputs for the Splunk Add-on for Unix and Linux
After you have installed the Splunk Add-on for Unix and Linux, you must enable the data and scripted inputs within the add-on so that it collects data from your data collection nodes.
The Splunk Add-on for Unix and Linux has a configuration page which lets you enable the inputs from within Splunk Web. This page is only available on Heavy Forwarders and full instances of Splunk Enterprise. Use this option when you are collecting data from a server with a full instance of Splunk Enterprise installed.
On a Universal Forwarder, you must enable the inputs using the configuration files.
Enable the data and scripted inputs from within Splunk Web
When you configure the add-on from within Splunk Web, the configuration page has into two sections: The File and Directory Inputs section and the Scripted Inputs section.
- Log into the Splunk Enterprise instance installed on the server from which you want to collect data.
- Activate the Splunk Add-on for Unix and Linux. Locate the Splunk Add-on for Unix and Linux on the Apps page, and click the Set up link in the row for the Splunk Add-on for Unix and Linux.
- In the File and Directory Inputs section of the configuration page, click the radio buttons below Enable or Disable to enable or disable the input for the specified file or directory. You can also click the (All) link next to either Enable or Disable to enable all of the displayed inputs.
- In the Scripted Inputs section, click the radio buttons below Enable or Disable to enable or disable the input for the specified script (as shown under Name.) You can also click the (All) link next to Enable or Disable to enable or disable all of the displayed scripted inputs.
- (Optional) Set the interval for a script by entering a positive number in the Interval text box for each script. For example, if you want the
cpu.shscript to run once an hour, type in
3600in the "Interval" text box for
- Click Save.
Enable the data and scripted inputs with configuration files
When you configure data and scripted inputs using configuration files, copy only the input stanzas whose configurations you want to change. Do not copy the entire file, as those changes persist even after an upgrade.
- Copy the input stanza text that you want to enable from the
$SPLUNK_HOME/etc/apps/Splunk_TA_nix/default/inputs.conffile and paste them into the
- In the
$SPLUNK_HOME/etc/apps/Splunk_TA_nix/local/inputs.conffile, enable the inputs that you want the add-on to monitor by setting the
disabledattribute for each input stanza to 0.
- Save the
- Restart the Splunk platform.
Upgrade the Splunk Add-on for Unix and Linux
Troubleshoot the Splunk Add-on for Unix and Linux
This documentation applies to the following versions of Splunk® Supported Add-ons: released