Migrate from the Splunk App for Unix and Linux to the Content Pack for Unix Dashboards and Reports
The Content Pack for Unix Dashboards and Reports replicates the dashboards and reports available in the Splunk App for Unix and Linux. Users of ITSI or IT Essentials Work can migrate from the legacy app to the content pack to take advantage of a consolidated experience. In addition, migrating means you can upgrade all content packs by upgrading the one app, the Splunk App for Content Packs.
On March 13, 2022, the Splunk App for Unix and Linux will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to the Content Pack for Unix Dashboards and Reports.
If you are currently using the Splunk App for Unix and Linux, your deployment might be installed as shown in the following table:
Data collection node | Indexer | Search head | |
---|---|---|---|
Splunk Add-on for Unix and Linux | ✓ | ✓ | ✓ |
Splunk App for Unix and Linux | ✓ |
You can review the dashboards included in the Content Pack for Unix Dashboards and Reports before you migrate. See, Use the Content Pack for Unix Dashboards and Reports.
Migration options
You have two options for migrating to the Content Pack for Content Pack for Unix Dashboards and Reports:
- One option is to disable the Splunk App for Unix and Linux to use the same environment. This migration option is fastest but results in an interruption of user access to your associated dashboards and knowledge objects.
- Your second option is to configure Content Pack for Unix Dashboards and Reports in a new environment. Choose this option to avoid an interruption of user access to your associated dashboards and knowledge objects.
If you choose the option of using the same environment, you must disable the Splunk App for Unix and Linux before installing the Content Pack for Unix Dashboards and Reports. Both the app and content pack use the same knowledge objects, with the same definitions, and cannot be on the same search head.
Disable the Splunk App for Unix and Linux to use the same environment
The first option for migrating from the Splunk App for Unix and Linux to the Content Pack for Unix Dashboards and Reports is to disable the Splunk App for Unix and Linux to use the same environment. Failure to first disable the Splunk App for Unix and Linux can cause knowledge object conflicts.
Disable the legacy app and install the Splunk App for Content Packs
Follow these steps to use your existing Splunk App for Unix and Linux environment search heads to install the Content Pack for Content Pack for Unix Dashboards and Reports:
- On all search heads where the Splunk App for Unix and Linux is located, go to Apps > Manage Apps.
- Locate the Splunk App for Unix and Linux and select Disable. If the Disable button isn't available, follow these steps:
- Stop your Splunk platform deployment.
cd $SPLUNK_HOME/bin ./splunk stop
- On all the search heads, go to $SPLUNK_HOME/etc/apps/splunk_app_for_nix/local/app.conf. If a local directory doesn't exist, create one and create an app.conf file and add a
state = disabled
setting:[install] state = disabled
- Start your Splunk platform deployment:
cd $SPLUNK_HOME/bin ./splunk start
After disabling the app, associated dashboards and knowledge objects won't be accessible, and the knowledge objects won't run or perform any action.
- Stop your Splunk platform deployment.
- Install IT Service Intelligence (ITSI) or IT Essentials Work on the same search head with Unix or Linux data according to your type of deployment. Refer to these topics in the Splunk IT Service Intelligence Install and Upgrade Manual:
- See Install Splunk IT Service Intelligence on a single instance in the ITSI Install and Upgrade Manual.
- See Install Splunk IT Service intelligence in a distributed environment in the ITSI Install and Upgrade Manual.
- See Install IT Service Intelligence in a search head cluster environment in the ITSI Install and Upgrade Manual.
- See Install IT Essentials Work in the ITSI Install manual.
- Install the Splunk App for Content Packs according to your type of deployment:
- See Install the Splunk App for Content Packs on a single, on-premises environment in the Splunk App for Content Packs Overview of the Splunk App for Content Packs manual.
- See Install the Splunk App for Content Packs on a search head cluster environment in the Splunk App for Content Packs Overview of the Splunk App for Content Packs manual.
- See Install the Splunk App for Content Packs on a distributed environment in the Splunk App for Content Packs Overview of the Splunk App for Content Packs manual.
After following the previous steps, the deployment is installed as shown in the following table:
Data collection node | Indexer | Search head | |
---|---|---|---|
Splunk Add-on for Unix and Linux | ✓ | ✓ | ✓ |
Splunk App for Unix and Linux | Disabled | ||
ITSI or IT Essentials Work | ✓ | ✓ | |
Splunk App for Content Packs | ✓ |
Install and configure the content pack
You can now install the content pack and make configurations:
- Make sure the *nix data collected using Splunk Add-on for Unix and Linux is searchable from the search head where you installed the Splunk App for Content Packs.
- Install the Content Pack for Unix Dashboards and Reports. See Install the Content Pack for Unix Dashboards and Reports.
- Configure the Content Pack for Unix Dashboards and Reports. See Configure the Content Pack for Unix Dashboards and Reports.
Access the dashboards in the content pack
You can now access the dashboards from the content pack:
- In Splunk Web, open ITSI or IT Essentials Work.
- From the main navigation bar choose Dashboards > Dashboards.
- From the list of dashboards, those with the App name DA-ITSI-CP-unix-dashboards are dashboards from the Content Pack for Unix Dashboards and Reports. Select the dashboard title to open the dashboard.
Configure the Content Pack for Unix Dashboards and Reports in a new environment
The second option for migrating from the Splunk App for Unix and Linux to the Content Pack for Unix Dashboards and Reports is to configure the content pack in a new environment.
To configure the content pack in a new environment, create a test environment and perform the following steps to set up the Content Pack for Unix Dashboards and Reports:
- After installing the Splunk App for Content Packs, install the content pack in your test environment. For detailed steps, see Install the Content Pack for Unix Dashboards and Reports.
- Once you complete testing the content pack in your test environment, install the content pack in your production environment. For detailed steps, see Install the Content Pack for Unix Dashboards and Reports
- Once installation in your production environment is complete, configure the content pack. For detailed steps, see Configure the Content Pack for Unix Dashboards and Reports.
Install the Content Pack for Unix Dashboards and Reports | Configure the Content Pack for Unix and Dashboards and Reports |
This documentation applies to the following versions of Content Pack for Unix Dashboards and Reports: 1.1.0, 1.1.1, 1.1.2
Feedback submitted, thanks!