Splunk® Content Packs for ITSI and IT Essentials Work


Data requirements for the Content Pack for Monitoring Unix and Linux

The Content Pack for Monitoring Unix and Linux requires that you install the Splunk Add-on for Unix and Linux and configure it to collect and send data to your deployment.

Prerequisite

First, install a universal forwarder on any host that you want to send data to your ITSI deployment. See About forwarding and receiving in the Splunk Enterprise Forwarding Data manual to learn how to install and configure universal forwarders.

Install the Splunk Add-on for Unix and Linux

Use the following table as reference to install the Splunk Add-on for Unix and Linux on your deployment:

App | Installation link | Search heads | Indexers | Forwarders
Splunk Add-on for Unix and Linux | Installation steps | x | x | x

For Linux systems, install the sysstat package to collect operating system data.

See What data the Splunk Add-on for Unix and Linux collects in the Deploy and Use Splunk Add-on for Unix and Linux manual for a reference of scripted and file inputs.

Configure the add-on to collect data and send it to your Splunk deployment

  1. Download the Splunk Add-on for Unix and Linux from Splunkbase.
  2. From a command shell, place the add-on in the $SPLUNK_HOME/etc/apps directory.
  3. Create an inputs.conf file in $SPLUNK_HOME/etc/apps/Splunk_TA_nix/local/. If this file already exists, merge the stanzas in the next step.
  4. Paste the following stanzas into the configuration file to generate the KPIs for the content pack:
    [script://./bin/bandwidth.sh]
    disabled = false
    index=os
     
    [script://./bin/cpu.sh]
    disabled = false
    interval = 60
    index=os
     
    [script://./bin/df.sh]
    disabled = false
    index=os
    
    [script://./bin/hardware.sh]
    disabled = false
    index=os
     
    [script://./bin/iostat.sh]
    disabled = false
    index=os
     
    [script://./bin/nfsiostat.sh]
    disabled = false
    index=os
     
    [script://./bin/ps.sh]
    disabled = false
    interval = 300
    index=os
     
    [script://./bin/version.sh]
    disabled = false
    index=os
     
    [script://./bin/vmstat.sh]
    disabled = false
    index=os
     
  5. The stanzas above send all data to the os index. To use a different index, change the index value in each stanza.
  6. Save and close the file.
  7. Restart your universal forwarder. For more information, see Start the universal forwarder in the Splunk Enterprise Forwarder Manual.
  8. Use the Search and Reporting app to confirm that you see incoming data from the hosts you configured.
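
A pre-restart check for steps 3 to 5, added here as an example and not part of the Splunk documentation or the add-on: the hypothetical helper `check_inputs_conf` reads a local inputs.conf and reports any of the nine scripted inputs above that is missing, not explicitly enabled, or pointed at an index other than the one you intend. The sample file at the end is constructed.

```shell
#!/bin/sh
# Added example: check_inputs_conf is a hypothetical helper, not part of the add-on.
REQUIRED="bandwidth cpu df hardware iostat nfsiostat ps version vmstat"

# Usage: check_inputs_conf FILE EXPECTED_INDEX
# Prints one line per finding; returns 0 only when there are none.
check_inputs_conf() {
    awk -v required="$REQUIRED" -v want="$2" '
    function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    /^[ \t]*#/ || /^[ \t\r]*$/ { next }          # comments, blank lines
    /^[ \t]*\[/ {                                # stanza header
        stanza = trim($0); gsub(/^\[|\]$/, "", stanza)
        seen[stanza] = 1; next
    }
    stanza != "" && (eq = index($0, "=")) {      # key = value
        val[stanza, trim(substr($0, 1, eq - 1))] = trim(substr($0, eq + 1))
    }
    END {
        n = split(required, names, " ")
        for (i = 1; i <= n; i++) {
            s = "script://./bin/" names[i] ".sh"
            if (!(s in seen)) { print "MISSING  [" s "]"; bad++; continue }
            # The stanzas on this page set disabled = false explicitly.
            d = tolower(val[s, "disabled"])
            if (d != "false" && d != "0") { print "DISABLED [" s "]"; bad++ }
            if (val[s, "index"] != want) {
                print "INDEX    [" s "] has index=" val[s, "index"] ", expected " want
                bad++
            }
        }
        exit (bad > 0)
    }' "$1"
}

# Constructed sample: cpu.sh is correct, ps.sh uses another index, the rest are absent.
demo=$(mktemp)
cat > "$demo" <<'EOF'
[script://./bin/cpu.sh]
disabled = false
interval = 60
index=os

[script://./bin/ps.sh]
disabled = false
interval = 300
index=main
EOF
check_inputs_conf "$demo" os || echo "inputs.conf needs attention"
rm -f "$demo"
```

The helper reads only the file it is given; `splunk cmd btool inputs list --debug` on the forwarder shows the effective settings after the default and local directories are merged.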
Last modified on 28 June, 2021

This documentation applies to the following versions of Splunk® Content Packs for ITSI and IT Essentials Work: current

