Migrate from the Splunk App for Unix and Linux to the Content Pack for Unix Dashboards and Reports
The Content Pack for Unix Dashboards and Reports replicates the dashboards and reports available in the Splunk App for Unix and Linux. Users of ITSI or IT Essentials Work can migrate from the legacy app to the content pack to take advantage of a consolidated experience. In addition, migrating means you can upgrade all content packs by upgrading the one app, the Splunk App for Content Packs.
On March 13, 2022, the Splunk App for Unix and Linux will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to the Content Pack for Unix Dashboards and Reports.
Migration steps for a cloud environment
For Migration on Cloud, file a ticket to submit a support case through the Splunk Support Portal. Splunk Cloud TechOps will assist you with migration from Splunk App for Unix and Linux to the Content Pack for Unix Dashboards and Reports.
Migration steps for an on-premises standalone or distributed environment
This section explains how to prepare for and execute a successful migration to the Content Pack for Unix Dashboards and Reports.
Migration options
You have two options for migrating to the Content Pack for Content Pack for Unix Dashboards and Reports:
- One option is to use the procedure outlined in Steps to migrate from Splunk App for Unix and Linux to Content Pack for Unix Dashboards and Reports. This migration option is fastest but involves disabling the Splunk App for Unix and Linux so that the Content Pack for Unix Dashboards and Reports can use the same environment. User access to your associated dashboards and knowledge objects will be interrupted temporarily.
- Another option is to configure Content Pack for Unix Dashboards and Reports in a new environment. Choose this option to avoid an interruption of user access to your associated dashboards and knowledge objects.
If you choose the option of using the same environment, you must disable the Splunk App for Unix and Linux before installing the Content Pack for Unix Dashboards and Reports. Both the app and content pack use the same knowledge objects with the same definitions, and cannot be on the same search head.
Steps to migrate from Splunk App for Unix and Linux to Content Pack for Unix Dashboards and Reports
Before migrating to Content Pack for Unix Dashboards and Reports, make sure to make a backup of your custom configurations and lookups.
Before you migrate
- Make a backup of the following directories present in the splunk_app_for_nix package in the $SPLUNK_HOME/etc/apps directory on each search head:
/local
directory which contains all the local configurations under conf files/lookups
directory which contains the CSV lookups/metadata/local.meta
directory which contains the updated permissions for the Knowledge Objects
- Take backup from the ui-prefs of splunk_app_for_nix for each user from
/opt/splunk/etc/users/
.
If you are currently using the Splunk App for Unix and Linux, your deployment might be installed as shown in the following table:
Data collection node | Indexer | Search head | |
---|---|---|---|
Splunk Add-on for Unix and Linux | ✓ | ✓ | ✓ |
Splunk App for Unix and Linux | ✓ |
You can review the dashboards included in the Content Pack for Unix Dashboards and Reports before you migrate. See Use the Content Pack for Unix Dashboards and Reports. The first option for migrating from the Splunk App for Unix and Linux to the Content Pack for Unix Dashboards and Reports is to disable the Splunk App for Unix and Linux so that the content pack can use the same environment. Failure to first disable the Splunk App for Unix and Linux can cause knowledge object conflicts.
Use the steps below to migrate from Splunk App for Unix and Linux to Content Pack for Unix Dashboards and Reports.
- To disable the Splunk App for Unix and Linux, go to Apps > Manage Apps.
- Locate the Splunk App for Unix and Linux and select Disable. If the Disable button isn't available, follow these steps:
- Stop your Splunk platform deployment.
cd $SPLUNK_HOME/bin ./splunk stop
- On each of the search heads in your deployment, go to
$SPLUNK_HOME/etc/apps/splunk_app_for_nix/local/app.conf
. If a local directory does not exist, create one and create an app.conf file and edit thestate
property of the install stanza as shown:[install] state = disabled
- Start your Splunk platform deployment instance in either of the following ways:
cd $SPLUNK_HOME/bin/ ./splunk start
If you do not need to navigate to the directory with a cd command, use the following syntax:
$SPLUNK_HOME/bin/splunk start
After disabling the app, associated dashboards and knowledge objects won't be accessible, and the knowledge objects won't run or perform any action.
- Stop your Splunk platform deployment.
- Install IT Service Intelligence (ITSI) or IT Essentials Work (ITE Work) on the same search head with Unix or Linux data according to your type of deployment. Refer to these topics in the Splunk IT Service Intelligence Install and Upgrade Manual:
- See Install Splunk IT Service Intelligence on a single instance in the ITSI Install and Upgrade Manual.
- See Install Splunk IT Service intelligence in a distributed environment in the ITSI Install and Upgrade Manual.
- See Install IT Service Intelligence in a search head cluster environment in the ITSI Install and Upgrade Manual.
- See Install IT Essentials Work in the ITSI Install manual.
- Install the Splunk App for Content Packs according to your type of deployment:
- See Install the Splunk App for Content Packs on a single, on-premises environment in the Splunk App for Content Packs Overview of the Splunk App for Content Packs manual.
- See Install the Splunk App for Content Packs on a search head cluster environment in the Splunk App for Content Packs Overview of the Splunk App for Content Packs manual.
- See Install the Splunk App for Content Packs on a distributed environment in the Splunk App for Content Packs Overview of the Splunk App for Content Packs manual.
When you've completed the steps above, the deployment is installed as shown in the following table:
Data collection node | Indexer | Search head | |
---|---|---|---|
Splunk Add-on for Unix and Linux | ✓ | ✓ | ✓ |
Splunk App for Unix and Linux | Disabled | ||
ITSI or IT Essentials Work | ✓ | ✓ | |
Splunk App for Content Packs | ✓ |
After you migrate
After migrating, perform the following steps on each Search Head in your deployment:
- Move the following directories from the App package to the
DA-ITSI-CP-unix-dashboards
folder that you backed up while going through the prerequisites for migration./local
directory collected from the app that contains all the local configurations/lookups
directory/metadata/local.meta
directory
- Remove the
app.conf
file from local directory. - Migrate ui-prefs by renaming the folder splunk_app_for_nix to DA-ITSI-CP-unix-dashboards for each user under
$SPLUNK_HOME/etc/users/
directory. (Perform this step on each search head if your environment is distributed)
mv $SPLUNK_HOME/etc/users/admin/splunk_app_for_nix $SPLUNK_HOME/etc/users/admin/DA-ITSI-CP-unix-dashboards
- Restart the instance.
$SPLUNK_HOME/bin/splunk restart
Install and configure the content pack
You can now install the content pack and make configurations:
- Make sure the *nix data collected using Splunk Add-on for Unix and Linux is searchable from the search head where you installed the Splunk App for Content Packs.
- Install the Content Pack for Unix Dashboards and Reports. See Install the Content Pack for Unix Dashboards and Reports.
- Configure the Content Pack for Unix Dashboards and Reports. See Configure the Content Pack for Unix Dashboards and Reports.
Access the dashboards in the content pack
You can now access the dashboards from the content pack:
- In Splunk Web, open ITSI or IT Essentials Work.
- From the main navigation bar choose Dashboards > Dashboards.
- In the list of dashboards, those with the App name DA-ITSI-CP-unix-dashboards are dashboards from the Content Pack for Unix Dashboards and Reports. Select the dashboard title to open the dashboard.
Configure the Content Pack for Unix Dashboards and Reports in a new environment
The second option for migrating from the Splunk App for Unix and Linux to the Content Pack for Unix Dashboards and Reports is to configure the content pack in a new environment.
To configure the content pack in a new environment, create a test environment and perform the following steps to set up the Content Pack for Unix Dashboards and Reports:
- After installing the Splunk App for Content Packs, install the content pack in your test environment. For detailed steps, see Install the Content Pack for Unix Dashboards and Reports.
- Once you complete testing the content pack in your test environment, install the content pack in your production environment. For detailed steps, see Install the Content Pack for Unix Dashboards and Reports
- Once installation in your production environment is complete, configure the content pack. For detailed steps, see Configure the Content Pack for Unix Dashboards and Reports.
Install the Content Pack for Unix Dashboards and Reports | Configure the Content Pack for Unix and Dashboards and Reports |
This documentation applies to the following versions of Content Pack for Unix Dashboards and Reports: 1.2.0
Feedback submitted, thanks!