Content Pack for Unix Dashboards and Reports

Content Pack for Unix Dashboards and Reports

This documentation does not apply to the most recent version of Content Pack for Unix Dashboards and Reports. For documentation on the most recent version, go to the latest release.

Install the Content Pack for Unix Dashboards and Reports

Perform the following high-level steps to install the Content Pack for Unix Dashboards and Reports:

  1. Install and configure the Splunk Add-on for Unix and Linux.
  2. Install the Content Pack for Unix Dashboards and Reports.
  3. Create indexes.

Prerequisite

Install and configure the IT Service Intelligence (ITSI) or IT Essentials Work App in your environment. See About Splunk ITSI in the Install and Upgrade Manual, or Install IT Essentials Work in the Overview of Splunk IT Essentials Work manual.

Install and configure the Splunk Add-on for Unix and Linux

The Content Pack for Unix Dashboards and Reports relies on data collected by the Splunk Add-on for Unix and Linux.

To learn more about how to enable inputs in the Splunk Add-on for Unix and Linux, see Enable data and scripted inputs for the Splunk Add-on for Unix and Linux in the Splunk Add-on for Unix and Linux manual.

The following table shows the installation locations on the distributed environment for the content pack and the add-on:

Component Search head /cluster Indexer / cluster Forwarder
Content Pack for Unix Dashboards and Reports x
Splunk Add-on for Unix and Linux x x x

You can ​​automatically create entities and collect data on a recurring basis with ITSI entity integrations. The Unix and Linux entity integration uses the metrics index of itsi_im_metrics to store the metrics data collected by the Splunk Add-on for Unix and Linux. However, the content pack only works with the events index of macros os_index for events data. If you use both entity integration and the content pack, you must consider ingesting data for certain fields in both metrics and events indexes. For more information, see About Unix and Linux entity integration in ITSI, and Collect *nix data in ITSI with the Splunk Add-on for Unix and Linux

Install the Content Pack for Unix Dashboards and Reports

The Splunk App for Content Packs allows you to access content packs, preview their contents, and install them in your environment. The Splunk App for Content Packs includes the Content Pack for Unix Dashboards and Reports.

The content pack contents are automatically installed and start running when you install the Splunk App for Content Packs on the search head where you installed ITSI or IT Essentials Work.

Refer to the Splunk App for Content Packs installation instructions to install the Splunk App for Content Packs in your environment.

Create indexes

If you are migrating from Splunk App for Unix and Linux to Content Pack for Unix Dashboards and Reports, you don't need need to create the indexes as the content pack is uses the same indexes as the app.

The Content Pack for Unix Dashboards and Reports requires two indexes on the search head for indexing and showing the details of the fired alerts.

Create indexes unix_summary and firedalerts using the following resources:

Last modified on 24 August, 2022
Release notes for the Content Pack for Unix Dashboards and Reports   Migrate from the Splunk App for Unix and Linux to the Content Pack for Unix Dashboards and Reports

This documentation applies to the following versions of Content Pack for Unix Dashboards and Reports: 1.1.3

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters