Splunk® App for Unix and Linux (Legacy)

Install and Use the Splunk App for Unix and Linux

Acrobat logo Download manual as PDF


On March 13, 2022, the Splunk App for Unix and Linux will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app has migrated to a content pack in Data Integrations. Learn about the Content Pack for Unix Dashboards and Reports.The Splunk Add-on for Unix and Linux remains supported.
This documentation does not apply to the most recent version of Splunk® App for Unix and Linux (Legacy). For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Configuration

This topic explains what happens when you activate the app after installing it on your Splunk instance. It show you how to enable or disable the inputs that come with the app, and can be used as a reference.

You can use Splunk Manager, the Splunk CLI, or Splunk configuration files to enable, disable, or edit configurations for the Splunk for Unix and Linux app and add-on. However, the below documentation focuses on the app's Setup notification and workflow, which is the recommended method to configure the app's inputs.

Navigating to the Setup Page

When you access the app as a Splunk admin, you can always click on the Setup link on the far right of the app's main navigation to access the setup page.

App Setup Notification

Additionally, when you access the app for the first time, you will see a dialog box like the following:

Unixconfmodal.png

If you are a Splunk admin, this dialog box indicates that you need to configure the app before it can begin gathering information about your system.

If you are a Splunk user but not a Splunk admin, this dialog box will allow you to ignore this warning when you visit the app again. Make sure that you report to your Splunk admin that the app might require additional configuration.

Note: Splunk Manager will no longer display a setup link for this app. Setup and notification now occurs in the main content of the app rather than in Manager.

Configure from within Splunk Web

To configure the Splunk App for Unix and Linux:

1. Navigate to the Setup page, either by clicking Configure from the app setup notification dialogue or by clicking Setup on the app's main navigation.

2. Select the file and directory inputs that you want to enable for the app. Or, click (All) next to the Enable column to enable all of the inputs.

3. Select the scripted inputs that you want to enable for the app. Or, click (All) next to the Enable column to enable them all.

4. Optionally, you can change the intervals at which enabled scripted inputs are triggered. Do this by typing in a number, in seconds, in the entry box for the desired scripted input.

  • For example, if you want the hardware.sh scripted input to run more than the default of once every 36000 seconds (10 hours), then select that input's entry box and type in the desired interval.

5. Once you are satisfied with the configuration of the inputs, save the configuration by clicking Save.

6. On the Splunk *nix App Setup Success page, click OK to be taken to the app's home page.

Last modified on 06 September, 2012
PREVIOUS
Log in and get started 		  NEXT
Dashboard reference

This documentation applies to the following versions of Splunk® App for Unix and Linux (Legacy): 4.5

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters