Splunk® Add-on for Unix and Linux (Legacy)

Deploy and Use the Splunk Add-on for Unix and Linux

The documentation for the current version of this Add-on has moved. See the current version of the documentation for the Splunk Add-on for Unix and Linux.

Install the Splunk Add-on for Unix and Linux

You can install the Splunk Add-on for Unix and Linux with Splunk Web or from the command line. You can install the add-on onto any type of Splunk Enterprise or Splunk Cloud instance (indexer, search head, or forwarder).

  1. Download the Splunk Add-on for Unix and Linux from Splunkbase.
  2. Determine where and how to install this add-on in your deployment.
  3. Perform any prerequisite steps before installing.
  4. Complete your installation.

If you need step-by-step instructions on how to install an add-on in your specific deployment environment, see the installation walkthroughs section at the bottom of this page for links to installation instructions specific to a single-instance deployment, distributed deployment, Splunk Cloud, or Splunk Light.

Distributed installation of this add-on

Use the tables below to determine where and how to install this add-on in a distributed deployment of Splunk Enterprise or any deployment for which you are using forwarders to get your data in. Depending on your environment, your preferences, and the requirements of the add-on, you may need to install the add-on in multiple places.

Splunk instance type Supported Required Comments
Search Heads Yes Yes Install this add-on to all search heads where Unix or linux knowledge management is required. As a best practice, turn add-on visibility off on your search heads to prevent data duplication errors that can result from running inputs on your search heads instead of or in addition to your data collection node.
Indexers Yes Conditional Not required if you use heavy forwarders to collect data. Required if you use universal or light forwarders to collect data.
Heavy Forwarders Yes See comments This add-on supports forwarders of any type for data collection. The host must run a supported version of *nix.
Universal Forwarders Yes See comments
Light Forwarders Yes See comments

Distributed deployment compatibility

This table provides a quick reference for the compatibility of this add-on with Splunk distributed deployment features.

Distributed deployment feature Supported Comments
Search Head Clusters Yes Disable add-on visibility on search heads.
Indexer Clusters Yes To get data from an indexer cluster member, install the add-on into that member.
Deployment Server Yes Supported for deploying the configured add-on to multiple nodes.

Installation walkthroughs

See Installing add-ons in Splunk Add-Ons for detailed instructions describing how to install a Splunk add-on in the following deployment scenarios:

Last modified on 26 April, 2019
Installation and configuration overview for the Splunk Add-on for Unix and Linux   Upgrade the Splunk Add-on for Unix and Linux

This documentation applies to the following versions of Splunk® Add-on for Unix and Linux (Legacy): 6.0.0

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters