Splunk® IT Service Intelligence

Entity Integrations Manual

Acrobat logo Download manual as PDF


Splunk IT Service Intelligence version 4.7.0 reached its End of Life on October 28, 2022.
This documentation does not apply to the most recent version of Splunk® IT Service Intelligence. Click here for the latest version.
Acrobat logo Download topic as PDF

Collect *nix data in ITSI with the Splunk Add-on for Unix and Linux

You can collect *nix data in ITSI with the Splunk Add-On for Unix and Linux. Entities created through the Splunk Add-on for Unix and Linux integration have the entity type Unix/Linux Add-on.

Prerequisites

Requirement Description
ITSI roles You need to log in as a user with the itoa_admin or sc_admin role.

Steps

Follow these steps to add *nix data to ITSI through the Splunk Add-on for Unix and Linux.

1. Integrate with the Splunk App for Infrastructure

Follow these steps to integrate ITSI with the Splunk App for Infrastructure.

  1. From the ITSI main menu, go to Configuration > Entities.
  2. Click Manage Integrations.
  3. Turn on Integrate entities so ITSI has the latest entity information.

2. Install the Splunk universal forwarder

If you haven't already, you need to install and configure the Splunk universal forwarder. For instructions, see About the universal forwarder in the Forwarder Manual. For Splunk Cloud, see Configure a universal forwarder to send data to ITSI in Splunk Cloud.

3. Install and configure the Splunk Add-on for Unix and Linux

Follow these steps to install and configure the Splunk Add-on for Unix and Linux:

  1. Review the Splunk Add-on for Unix and Linux requirements. For more information, see Hardware and software requirements for the Splunk Add-on for Unix and Linux in the Splunk Add-on for Unix and Linux Manual.
  2. Install the Splunk Add-on for Unix and Linux. For more information, see Install the Splunk Add-on for Unix and Linux in the Splunk Add-on for Unix and Linux Manual.
  3. Configure the Splunk Add-on for Unix and Linux. Enable the metrics inputs in the Splunk Add-on for Unix and Linux and set index to em_metrics. For more information, see Enable data and scripted inputs for the Splunk Add-on for Unix and Linux. If you want to use any other metrics index instead of em_metrics index, see Use custom metric indexes in Splunk App for Infrastructure

4. Verify your Unix and Linux integration and view associated entity details dashboards

Follow these steps to check that your entities appear in ITSI, and to view the associated entity details dashboard.

  1. From the ITSI main menu, go to Configuration > Entities.
  2. Click View Health on an entity with the entity type Unix/Linux Add-on.
Last modified on 23 June, 2021
PREVIOUS
*nix data you can collect with collectd in ITSI 		  NEXT
Collect *nix metrics and logs with the data collection script in ITSI

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.6.0 Cloud only, 4.6.1 Cloud only, 4.6.2 Cloud only, 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.8.0 Cloud only, 4.8.1 Cloud only

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters