Install the Splunk App for Unix and Linux
This topic takes you through the steps required to install the Splunk App for Unix and Linux. You can install the app from Splunk Web or by using the command line.
Where to install the Splunk App for Unix and Linux
The Splunk App for Unix and Linux can be installed on different machines based on the layout of your Splunk and/or Unix server deployment. Following are some of the common scenarios under which you would install the app.
- If you have a single *nix server running Splunk, install the app using the directions for Splunk Web provided below. The app collects *nix data for that server alone.
- If you have a central cluster of servers dedicated to a Splunk instance, including indexers and search heads, install the app on the search heads in the deployment at a minimum, using the method shown below that works best for you. The app collects data from the search heads it is installed on. You can also install it on the indexers to get *nix data from those servers.
- If you have other *nix servers that you want to collect data from, install universal forwarders on those servers and configure the forwarders to send data to a central Splunk instance that runs the Splunk App for Unix and Linux. Then, deploy the Splunk Technology Add-on for Unix and Linux onto the universal forwarders using the command line installation instructions shown later in this topic.
- You can deploy the Splunk App for Unix and Linux on a Windows Splunk server. The app displays a warning dialog when you do this, however, and it will not be able to collect any *nix data. It will display any *nix data that is forwarded to it from other *nix servers.
Install the Splunk App for Unix and Linux using Splunk Web
To install the Splunk App for Unix and Linux using Splunk Web:
1. Download the Splunk App for Unix and Linux from Splunkbase, if you haven't already.
Note: The file downloads with a .tar.gz extension. Do not attempt to run this file. You will install it within Splunk.
2. Log into Splunk Web on the Splunk instance on which you want to install the app.
3. Once logged in, click the App menu from the upper right menu bar, and select Manage apps...
4. On the next page, click the Install app from file button.
5. On the Upload a file screen, click Browse...
6. Locate the downloaded unix.tar.gz file and click Open.
7. Click Upload.
Splunk opens the unix.tar.gz package and installs the application.
8. Click the Restart Splunk button or the link in the banner to restart Splunk.
Note: A dialog box asking you if you are sure you want to restart Splunk may appear. Click OK to restart Splunk.
9. Once Splunk restarts, click OK to return to the Splunk login page.
10. Proceed to the "Log in and get started" page to continue using the app.
Install the Splunk App for Unix and Linux from the command line
If you do not have a windowed environment on your machine, you can also install the app from the command line.
To install the Splunk App for Unix and Linux from the command line:
1. Optionally, download the Splunk App for Unix and Linux from Splunkbase. The app downloads as a .tar.gz file.
Note: If you have access to the Internet and have a valid link to where the app package resides, you can use the splunk install command to install the app directly from the Internet:
# cd /opt/splunk/bin
# ./splunk install app http://server.com:80/files/unix.tar.gz
In this case, proceed directly to Step 3.
2. Run the splunk install CLI command:
# cd /opt/splunk/bin
# ./splunk install app <path>/unix.tar.gz
App 'unix' is installed.
Note: You might be required to log into your Splunk instance before it installs the app.
3. Restart your Splunk instance:
# ./splunk restart
4. Proceed to the "Log in and get started" page to begin using the app.
Note: You can also configure the Splunk App for Unix and Linux from the command line. Read "Configure from the command line" in this manual for specific instructions.
Enable data and scripted inputs in the app
While you can enable or disable inputs for the app directly in Splunk Web, you can also enable them manually from the command line.
To manually enable the inputs included with the app:
1. Make a copy of $SPLUNK_HOME/etc/apps/unix/default/inputs.conf and place it into $SPLUNK_HOME/etc/apps/unix/local.
Note: If the $SPLUNK_HOME/etc/apps/unix/local directory does not exist, you will need to create it.
2. Open $SPLUNK_HOME/etc/apps/unix/local/inputs.conf for editing.
Caution: Do not edit the inputs.conf file in $SPLUNK_HOME/etc/apps/unix/default. This file gets overwritten whenever you upgrade the app.
3. Enable the inputs that you want the app to monitor by setting the disabled attribute for each input stanza to 0.
4. Save the file.
5. Restart your Splunk instance:
# ./splunk restart
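The manual steps above, scripted as a shell function. This is an added example, not code from the Splunk documentation or the app; the function name enable_inputs and the stanza names in the demo are constructed for illustration. It never writes to default/ and leaves an existing local/inputs.conf in place rather than overwriting it.

```shell
#!/bin/sh
# Added example. Usage: enable_inputs APP_DIR STANZA...
# Copies default/inputs.conf to local/ when no local copy exists, then sets
# "disabled = 0" only inside the named stanzas. default/ is never written.
enable_inputs() {
    app_dir=$1; shift
    default_conf="$app_dir/default/inputs.conf"
    local_conf="$app_dir/local/inputs.conf"
    [ -f "$default_conf" ] || { echo "missing $default_conf" >&2; return 1; }
    mkdir -p "$app_dir/local" || return 1
    # Keep an existing local copy: it may already hold site-specific settings.
    [ -f "$local_conf" ] || cp "$default_conf" "$local_conf" || return 1
    tmp="$local_conf.tmp.$$"
    # Stanza names are passed one per line through the environment.
    WANTED=$(printf '%s\n' "$@") awk '
        BEGIN { n = split(ENVIRON["WANTED"], w, "\n")
                for (i = 1; i <= n; i++) want[w[i]] = 1 }
        /^\[.*\]$/ { stanza = substr($0, 2, length($0) - 2) }
        (stanza in want) && /^[ \t]*disabled[ \t]*=/ {
            print "disabled = 0"; seen[stanza] = 1; next }
        { print }
        END { for (s in want) if (!(s in seen)) {
                  print "no disabled attribute in [" s "]" > "/dev/stderr"; bad = 1 }
              exit bad }
    ' "$local_conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write back in place so the file keeps its owner and mode.
    cat "$tmp" > "$local_conf" && rm -f "$tmp"
}

# Demo on a constructed app tree (sample stanzas, not the app's real file).
demo() {
    d=$(mktemp -d) && mkdir "$d/default" || return 1
    printf '%s\n' '[script://./bin/vmstat.sh]' 'disabled = 1' '' \
        '[script://./bin/ps.sh]' 'disabled = 1' > "$d/default/inputs.conf"
    enable_inputs "$d" 'script://./bin/vmstat.sh' && cat "$d/local/inputs.conf"
    rm -rf "$d"
}
demo
```

Against a real installation, pass "$SPLUNK_HOME/etc/apps/unix" and the stanza names from your inputs.conf, then restart Splunk as in step 5.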
This documentation applies to the following versions of Splunk® App for Unix and Linux (Legacy): 4.5, 4.6