Comparison of the Splunk App and Splunk Technology Add-on for Unix and Linux
This topic describes the difference between the Splunk App for Unix and Linux and the Splunk Technology Add-on (TA) for Unix and Linux.
During the course of the development of the app, Splunk customers asked us for Unix and Linux knowledge and inputs packaged separately from the Splunk Web user interface components that are present in the full app. This request was often made in order to facilitate use on light or universal forwarders, or when the primary use case for Unix and Linux data is to correlate with other data sources in an app other than Splunk for Unix and Linux.
The app and the TA share the same common knowledge and input base. For this reason, you should not install both the app and the TA on the same Splunk instance. If you do, you will receive an "Unsupported Configuration" warning on both app home pages after restarting Splunk. Additionally, the TA should not be installed on a Splunk instance running on Windows (you will receive an error as well).
Following is a table that compares basic features of the app and TA
| Feature | Splunk App for Unix / Linux | Splunk TA for Unix / Linux |
|---|---|---|
| Has a user interface for Splunk Web | Yes | Setup only |
| Can be deployed on light and universal forwarders | No | Yes |
| Can be installed on Windows Splunk instances | Yes* (all data inputs must be disabled) | No |
| Can provide data to other Splunk applications | Yes | Yes |
| About the Splunk Technology Add-on (TA) for Unix and Linux | How this app fits into the Splunk picture |
This documentation applies to the following versions of Splunk® App for Unix and Linux (Legacy): 4.5, 4.6, 4.7
Download manual
Feedback submitted, thanks!