Splunk® App for Unix and Linux (Legacy)

Install and Use the Splunk App for Unix and Linux

On March 13, 2022, the Splunk App for Unix and Linux will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app has migrated to a content pack in Data Integrations. Learn about the Content Pack for Unix Dashboards and Reports.The Splunk Add-on for Unix and Linux remains supported.
This documentation does not apply to the most recent version of Splunk® App for Unix and Linux (Legacy). For documentation on the most recent version, go to the latest release.

Other deployment considerations

In many applications, the Splunk Technology Add-on for Unix and Linux installs on a *nix server and collects data from that server. There are additional uses for the TA:

  • You can use the TA to collect *nix data from a number of *nix machines by installing a universal forwarder on each machine and deploying the app to those forwarders. Once the app is installed on each forwarder, you can then forward the data to a receiving indexer that is running the full app.
  • You can also install the TA on an indexer to provide data inputs for another app installed on that indexer, such as the Splunk Enterprise Security Suite (ESS).

Configure the Splunk App for Unix and Linux on multiple machines

The app has the ability to display data from many hosts. Following is a list of steps to take to get that data:

1. Install the Splunk App for Unix and Linux on a central Splunk instance.

2. Configure the central Splunk instance to be a receiving indexer.

3. On each *nix machine from which you want to get *nix data, install a universal forwarder.

4. Configure each universal forwarder to forward data to the central Splunk receiver.

5. Install the Splunk TA for Unix and Linux from the command line on each universal forwarder.

6. Configure inputs.conf on each universal forwarder to enable the *nix data inputs.

Note: A deployment server can ease management of this and other forwarder configuration files. Consider installing one in your environment if you have not already.

7. On the central Splunk instance, open the Splunk App for Unix and Linux and confirm that you are receiving data from all universal forwarders.

Last modified on 09 April, 2013
What data the Splunk TA for Unix and Linux collects   Install the Splunk Technology Add-on for Unix and Linux

This documentation applies to the following versions of Splunk® App for Unix and Linux (Legacy): 4.7


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters