Troubleshoot the Splunk App for Unix and Linux
This topic discusses how you can troubleshoot your Splunk App for Unix and Linux deployment if you are experiencing errors or are not seeing the data that you expect. It also contains a frequently asked questions (FAQ) section.
Common issues
When you enable alerts you receive an error about the unix_summary index
This error occurs because you have not distributed the indexes.conf that comes with the Splunk Supporting Add-on for Unix and Linux (SA-nix/default/indexes.conf) to all of the indexers in your Splunk App for Unix and Linux instance. Alerts require this special index to function correctly.
The app complains about a missing or invalid dropdowns.csv
This error occurs when you skip the first-time configuration screen. To fix it, configure the app by selecting "Settings" from the main app menu, and from the Settings screen, selecting "Categories."
Frequently Asked Questions
The app does not display CPU information
This error occurs because the sysstat package, which is required, is not installed on the system that hosts the app. Use your system's package manager to install the package and resolve the problem.
Note: Ubuntu systems do not ship with this package by default. Use the following command to add it:
apt-get install sysstat
Amazon EC2 Amazon Machine Image (AMI) systems also do not ship with this package installed by default. Use the following command to add the package:
yum -y install sysstat
This documentation applies to the following versions of Splunk® App for Unix and Linux (Legacy): 5.0, 5.0.1, 5.0.2, 5.0.3, 5.1.0