Splunk® App for Unix and Linux (Legacy)

Install and Use the Splunk App for Unix and Linux

On March 13, 2022, the Splunk App for Unix and Linux will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app has migrated to a content pack in Data Integrations. Learn about the Content Pack for Unix Dashboards and Reports.The Splunk Add-on for Unix and Linux remains supported.
This documentation does not apply to the most recent version of Splunk® App for Unix and Linux (Legacy). For documentation on the most recent version, go to the latest release.

Configuration

This topic explains what happens when you activate the app after installing it on your Splunk instance. It show you how to enable or disable the inputs that come with the app, and can be used as a reference.

You can configure the Splunk Technology Add-on (TA) for Unix and Linux directly from the command line. For specific instructions on how to do so, read "Configure from the command line" later in this topic.

You can use the Splunk CLI or Splunk configuration files to enable, disable, or edit configurations for the Splunk TA for Unix and Linux.

Configure from the command line

To configure the Splunk App for Unix and Linux from the command line, use the setup.sh command:

$SPLUNK_HOME/bin/splunk cmd $SPLUNK_HOME/etc/apps/TA-nix/bin/setup.sh

Usage

setup.sh has the following arguments:

       (no argument)   menu-based setup
       --auth          credentials (user:pass) for specified command
       --clone-all     clone input configuration from local to remote
       --disable-all   disable all inputs
       --disable-input input to be disabled
       --enable-all    enable all inputs
       --enable-input  input to be enabled
       --help          print usage and exit
       --install-app   install the app at the given location
       --interval      set input to given interval
       --list-all      show details all inputs
       --list-input    show details for input
       --usage, --?    print usage and exit
       --uri           remote uri (https://host:port) to use

Examples

To set cpu.sh interval to 120 seconds (with auth prompt):

           setup.sh --interval cpu.sh 120

To disable all local inputs (with no auth prompt):

           setup.sh --disable-all --auth admin:changeme1

To show input status on remote host foobar:

           setup.sh --list-all --uri https://foobar:8089

To update the unix app from your-server on the remote host foobar:

           setup.sh --install-app https://your-server/unix.spl --uri https://foobar:8089

To copy the local input configuration to the remote host foobar:

           setup.sh --clone-all --uri https://foobar:8089
Last modified on 09 April, 2013
Install the Splunk Technology Add-on for Unix and Linux   Release notes

This documentation applies to the following versions of Splunk® App for Unix and Linux (Legacy): 4.7


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters