Enable data and scripted inputs
Once you have installed the Splunk App for Unix and Linux, you must enable the data and scripted inputs within the Splunk Add-on for Unix and Linux (Splunk_TA_nix) in order for the add-on to collect data and send it to the indexers in the central Splunk App for Unix and Linux instance.
To enable the inputs included with the Splunk Add-on for Unix and Linux:
1. Make a copy of $SPLUNK_HOME/etc/apps/Splunk_TA_nix/default/inputs.conf and place it into $SPLUNK_HOME/etc/apps/Splunk_TA_nix/local.
Note: If the $SPLUNK_HOME/etc/apps/Splunk_TA_nix/local directory does not exist, you will need to create it.
2. Open $SPLUNK_HOME/etc/apps/Splunk_TA_nix/local/inputs.conf for editing.
Caution: Do not edit the inputs.conf file in $SPLUNK_HOME/etc/apps/Splunk_TA_nix/default. This file gets overwritten whenever you upgrade the app.
3. Enable the inputs that you want the app to monitor by setting the disabled attribute for each input stanza to 0.
4. Save the file.
5. Restart your Splunk instance:
# ./splunk restart
| Install the Splunk App for Unix and Linux in a distributed Splunk environment | Log in and get started |
This documentation applies to the following versions of Splunk® App for Unix and Linux (Legacy): 5.0
Download manual
Feedback submitted, thanks!