Other deployment considerations
In many applications, the Splunk Technology Add-on for Unix and Linux installs on a *nix server and collects data from that server. There are additional uses for the TA:
- You can use the TA to collect *nix data from a number of *nix machines by installing a universal forwarder on each machine and deploying the app to those forwarders. Once the app is installed on each forwarder, you can then forward the data to a receiving indexer that is running the full app.
- You can also install the TA on an indexer to provide data inputs for another app installed on that indexer, such as the Splunk Enterprise Security Suite (ESS).
Configure the Splunk App for Unix and Linux on multiple machines
The app can display data from many hosts. To collect that data, follow these steps:
1. Install the Splunk App for Unix and Linux on a central Splunk instance.
2. Configure the central Splunk instance to be a receiving indexer.
3. On each *nix machine from which you want to get *nix data, install a universal forwarder.
4. Configure each universal forwarder to forward data to the central Splunk receiver.
5. Install the Splunk TA for Unix and Linux from the command line on each universal forwarder.
6. Configure inputs.conf on each universal forwarder to enable the *nix data inputs.
Note: A deployment server can ease management of this and other forwarder configuration files. Consider installing one in your environment if you have not already.
7. On the central Splunk instance, open the Splunk App for Unix and Linux and confirm that you are receiving data from all universal forwarders.
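The configuration files behind steps 2, 4 and 6 are sketched below. This is an added example, not taken from the original documentation. The host name `splunk-central.example.com`, the group name `central_receiver`, port 9997 and the choice of inputs are assumptions, and the stanza names should be checked against the add-on's own `default/inputs.conf`.

```ini
# --- Central Splunk instance (receiving indexer), step 2 ---
# File: $SPLUNK_HOME/etc/system/local/inputs.conf
# Listen for data from forwarders. Port 9997 is an assumed value;
# use whatever receiving port you have chosen.
[splunktcp://9997]
disabled = 0

# --- Each universal forwarder, step 4 ---
# File: $SPLUNK_HOME/etc/system/local/outputs.conf
# Send all data to the central receiver. Host and group name are
# placeholders for this example.
[tcpout]
defaultGroup = central_receiver

[tcpout:central_receiver]
server = splunk-central.example.com:9997

# --- Each universal forwarder, step 6 ---
# File: $SPLUNK_HOME/etc/apps/Splunk_TA_nix/local/inputs.conf
# Only the "disabled" setting is overridden here; interval, sourcetype
# and index are inherited from the add-on's default/inputs.conf.
# The three inputs below are an assumed selection; enable only the
# ones you need.
[script://./bin/cpu.sh]
disabled = 0

[script://./bin/df.sh]
disabled = 0

[monitor:///var/log]
disabled = 0
```

Put the overrides in the add-on's `local` directory rather than editing `default/inputs.conf`, so an upgrade of the add-on does not overwrite them. Restart each instance after changing its files.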
This documentation applies to the following versions of Splunk® App for Unix and Linux (Legacy): 4.7