Splunk® App for Infrastructure (Legacy)

Administer Splunk App for Infrastructure

About Unix and Linux integrations in SAI

There are two ways to collect *nix metric and log data in the Splunk App for Infrastructure (SAI). You can use collectd with either the easy install script or manually set up collectd with a universal forwarder. Or, you can collect *nix data with the Splunk Add-on for Unix and Linux installed on the Splunk universal forwarder.

Collect *nix data with the Splunk Add-on for Unix and Linux installed on the Splunk universal forwarder

The Splunk Add-on for Unix and Linux collects both metrics and logs. Entities created through the Splunk Add-on for Unix and Linux integration have the entity type TA_Nix. To use this integration, you need to install and configure the Splunk Add-on for Unix and Linux and the Splunk universal forwarder. When you collect *nix data with the Splunk Add-on for Unix and Linux, you do not run the easy install script. For more information, see Collect *nix data in SAI with the Splunk Add-on for Unix and Linux.

Collect *nix data with collectd and Splunk universal forwarder

There are two ways to collect *nix data with collectd and Splunk universal forwarder. Entities collected through collectd have entity type nix_host.

Option one: Add data to SAI with the collectd easy install script

When you run the *nix collectd easy install script, the Splunk universal forwarder and collectd are automatically installed on your machine. You can collect logs in addition to the metrics in the easy install script. For more information, see Collect *nix metrics and logs with the easy install script.

Option two: Manually install and configure collectd and the Splunk universal forwarder

You can manually set up collectd to collect metrics from a *nix host and collect log data for *nix systems with a Splunk universal forwarder.

Manually configure metrics collection for a *nix host when you meet at least one of these conditions:

  • You're installing collectd on a closed network with no internet access.
  • You already installed collectd on the host.
  • You don't have trusted URLs that you can download the required packages and dependencies from.

To manually collect *nix logs in SAI, see Manually configure log collection on a *nix host for Splunk App for Infrastructure.
To manually collect *nix metrics in SAI, see Manually configure metrics collection on a *nix host for Splunk App for Infrastructure.

For more information on using collectd, see About using collectd.

If you want to collect *nix data using collectd without HTTP Event Collector (HEC), see Send collectd data to a local universal forwarder.

Last modified on 26 August, 2020
Stop data collection on Splunk App for Infrastructure   Collect *nix data in SAI with the Splunk Add-on for Unix and Linux

This documentation applies to the following versions of Splunk® App for Infrastructure (Legacy): 2.2.0 Cloud only, 2.2.1, 2.2.3 Cloud only, 2.2.4, 2.2.5


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters