About Unix and Linux entity integration in ITSI
When you collect *nix data through the Unix and Linux entity integration in IT Service Intelligence (ITSI), your entities are created by discovery searches and are automatically associated with entity types. You also gain access to prebuilt dashboards for each associated entity type. The following sections walk through the two ways you can add *nix data to ITSI through the Unix and Linux entity integrations. For information about data you can collect using this integration, see *nix data you can collect with ITSI.
Collect *nix data with the Splunk Add-on for Unix and Linux
The Splunk Add-on for Unix and Linux collects both metrics and logs data. Entities created through the Splunk Add-on for Unix and Linux integration have the entity type
Unix/Linux Add-on To use this integration you need to install and configure the Splunk Add-on for Unix and Linux and the Splunk universal forwarder. When you collect *nix data with the add-on, you don't run the easy install script.
For more information, see Collect *nix data in ITSI with the Splunk Add-on for Unix and Linux.
Collect *nix data with collectd and Splunk universal forwarder
There are two ways to collect *nix data with collectd and Splunk universal forwarder. Entities collected through collectd have entity type
Option one: Add data to ITSI with the collectd easy install script
When you run the *nix collectd easy install script, the universal forwarder and collectd are automatically installed on your machine. You can collect logs in addition to the metrics in the easy install script. For more information, see Collect *nix metrics and logs with the data collection script in ITSI.
Option two: Manually install and configure collectd and Splunk universal forwarder
You can manually set up collectd to collect metrics from a *nix host and collect log data for *nix systems with a universal forwarder. Manually configure metrics collection for a *nix host when you meet at least one of these conditions:
- You're installing collectd on a closed network with no internet access.
- You already installed collectd on the host.
- You don't have trusted URLs that you can download the required packages and dependencies from.
If you want to collect metrics from a *nix host, see Manually collect metrics from a *nix host in ITSI. If you also want to collect log data from a *nix host, see Manually collect logs from a *nix host in ITSI.
If you have problems setting up the Unix and Linux entity integration, see Troubleshoot the Unix and Linux entity integration in ITSI.
Analyze entity performance metrics in ITSI
Unix and Linux integration requirements in ITSI for collectd
This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.6.0 Cloud only, 4.6.1 Cloud only, 4.6.2 Cloud only, 4.7.0, 4.7.1, 4.7.2, 4.8.0 Cloud only, 4.8.1 Cloud only, 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.10.0 Cloud only, 4.10.1 Cloud only, 4.10.2 Cloud only