Splunk® Add-on for Unix and Linux (Legacy)

Deploy and Use the Splunk Add-on for Unix and Linux

The documentation for the current version of this Add-on has moved. See the current version of the documentation for the Splunk Add-on for Unix and Linux.

Enable data and scripted inputs for the Splunk Add-on for Unix and Linux

After you have installed the Splunk Add-on for Unix and Linux, you must enable the data and scripted inputs within the add-on so that it collects data from your data collection nodes.

The Splunk Add-on for Unix and Linux has a configuration page which lets you enable the inputs from within Splunk Web. This page is only available on Heavy Forwarders and full instances of Splunk Enterprise. Use this option when you are collecting data from a server with a full instance of Splunk Enterprise installed.

On a Universal Forwarder, you must enable the inputs using the configuration files.

Enable the data and scripted inputs from within Splunk Web

When you configure the add-on from within Splunk Web, the configuration page has into two sections: The File and Directory Inputs section and the Scripted Inputs section.

  1. Log into the Splunk Enterprise instance installed on the server from which you want to collect data.
  2. Activate the Splunk Add-on for Unix and Linux. Locate the Splunk Add-on for Unix and Linux on the Apps page, and click the "Set up" link in the row for the Splunk Add-on for Unix and Linux.
  3. In the "File and Directory Inputs" section of the configuration page, click the radio buttons underneath Enable or Disable to enable or disable the input for the specified file or directory. You can also click the (All) link next to either "Enable" or "Disable" to enable all of the displayed inputs.
  4. In the "Scripted Inputs" section, click the radio buttons underneath "Enable" or "Disable" to enable or disable the input for the specified script (as shown under "Name".) You can also click the "(All)" link next to "Enable" or "Disable" to enable or disable all of the displayed scripted inputs.
  5. (Optional) Set the interval for a script by entering a positive number in the Interval text box for each script. For example, if you want the cpu.sh script to run once an hour, type in 3600 in the "Interval" text box for cpu.sh.
  6. Click Save.

Enable the data and scripted inputs with configuration files

When you configure data and scripted inputs using configuration files, copy only the input stanzas whose configurations you want to change. Do not copy the entire file, as those changes persist even after an upgrade.

  1. Create inputs.conf in the $SPLUNK_HOME/etc/apps/Splunk_TA_nix/local directory.
  2. Open $SPLUNK_HOME/etc/apps/Splunk_TA_nix/local/inputs.conf for editing.
  3. Open $SPLUNK_HOME/etc/apps/Splunk_TA_nix/default/inputs.conf for editing.
  4. Copy the input stanza text that you want to enable from the $SPLUNK_HOME/etc/apps/Splunk_TA_nix/default/inputs.conf file and paste them into the $SPLUNK_HOME/etc/apps/Splunk_TA_nix/local/inputs.conf file.
  5. In the $SPLUNK_HOME/etc/apps/Splunk_TA_nix/local/inputs.conf file, enable the inputs that you want the add-on to monitor by setting the disabled attribute for each input stanza to 0.
  6. Save the $SPLUNK_HOME/etc/apps/Splunk_TA_nix/local/inputs.conf file.
  7. Restart the Splunk enterprise instance.
Last modified on 24 May, 2018
Upgrade the Splunk Add-on for Unix and Linux   Troubleshoot the Splunk Add-on for Unix and Linux

This documentation applies to the following versions of Splunk® Add-on for Unix and Linux (Legacy): 6.0.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters