Splunk® App for Unix and Linux (Legacy)

Install and Use the Splunk App for Unix and Linux

On March 13, 2022, the Splunk App for Unix and Linux will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app has migrated to a content pack in Data Integrations. Learn about the Content Pack for Unix Dashboards and Reports. The Splunk Add-on for Unix and Linux remains supported.
This documentation does not apply to the most recent version of Splunk® App for Unix and Linux (Legacy). For documentation on the most recent version, go to the latest release.

Install the Splunk Add-on for Unix and Linux

When you install the Splunk App for Unix and Linux, you automatically install the Splunk Add-on for Unix and Linux.

You install both the Splunk App and Splunk Add-on for Unix and Linux by downloading the installation package from Splunk Apps.

The Splunk Add-on for Unix and Linux installs into $SPLUNK_HOME/etc/apps/Splunk_TA_nix.

Install the Splunk Add-on for Unix and Linux

When you install the add-on onto a universal forwarder, neither Splunk Web nor the CLI is available, so you must install it manually. To install the add-on on a universal forwarder:

1. Download the Splunk Add-on for Unix and Linux from Splunk Apps, if you haven't already.

Note: The file downloads with a .zip extension. Do not attempt to run this file.

2. Unpack the splunk_app_for_nix.zip file into $SPLUNK_HOME/etc/apps:

# cd $SPLUNK_HOME
# unzip /path/splunk_app_for_nix.zip -d $SPLUNK_HOME
etc/apps/splunk_app_for_nix/
...
etc/apps/Splunk_TA_nix/
etc/apps/Splunk_TA_nix/appserver/
etc/apps/Splunk_TA_nix/appserver/controllers/
...
Splunk_TA_nix/samples/sample.fs_notification
Splunk_TA_nix/samples/syslog.nix
#

3. Make sure that the user and group that run Splunk own the files.

4. Complete the steps in "Enable data and scripted inputs in the add-on".

Enable data and scripted inputs in the add-on

Once you have installed the Splunk Add-on for Unix and Linux, you must manually enable the inputs that come with it.

To enable the inputs included with the add-on:

1. Make a copy of $SPLUNK_HOME/etc/apps/Splunk_TA_nix/default/inputs.conf and place it into $SPLUNK_HOME/etc/apps/Splunk_TA_nix/local.

Caution: Do not edit the inputs.conf file in $SPLUNK_HOME/etc/apps/Splunk_TA_nix/default. This file gets overwritten whenever you upgrade the app.

2. Open $SPLUNK_HOME/etc/apps/Splunk_TA_nix/local/inputs.conf for editing.

3. Enable the inputs that you want the add-on to monitor by setting the disabled attribute for each input stanza to 0.

4. Save the file.

5. Restart your Splunk instance:

# ./splunk restart
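
The enable procedure above as a script that turns on only the stanzas you name, so scripted inputs you do not need stay disabled. This is an added example, not code from Splunk or the add-on: the function names stage_local_inputs and enable_inputs are hypothetical, and the inputs.conf content in the demo is constructed sample data.

```shell
#!/bin/sh
# Added example (not Splunk's code): stage local/inputs.conf, enable named stanzas only.

# Step 1: copy default/inputs.conf to local/ unless a local copy already exists.
stage_local_inputs() {
    mkdir -p "$1/local" || return 1
    [ -f "$1/local/inputs.conf" ] || cp "$1/default/inputs.conf" "$1/local/inputs.conf"
}

# Step 3: set "disabled = 0" inside each named stanza and leave all others alone.
# Fails, without changing the file, if a named stanza or its disabled line is missing.
enable_inputs() {
    conf=$1; shift
    tmp=$(mktemp) || return 1
    awk '
        BEGIN { for (i = 2; i < ARGC; i++) { want["[" ARGV[i] "]"] = 1; delete ARGV[i] } }
        /^\[/ { cur = $0; active = (cur in want) }
        active && /^[ \t]*disabled[ \t]*=/ { print "disabled = 0"; done[cur] = 1; next }
        { print }
        END { for (k in want) if (!(k in done)) exit 1 }
    ' "$conf" "$@" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps the file's owner and mode
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Demo on a constructed app directory; stanza names and values are sample data.
demo_app=$(mktemp -d)
mkdir -p "$demo_app/default"
cat > "$demo_app/default/inputs.conf" <<'EOF'
[script://./bin/vmstat.sh]
interval = 60
disabled = 1

[script://./bin/ps.sh]
interval = 30
disabled = 1

[monitor:///var/log]
disabled = 1
EOF
stage_local_inputs "$demo_app"
enable_inputs "$demo_app/local/inputs.conf" 'script://./bin/vmstat.sh' 'monitor:///var/log'
cat "$demo_app/local/inputs.conf"
```

Run it as the user that runs Splunk so that local/inputs.conf keeps the ownership the install steps call for, then restart Splunk.
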
Last modified on 15 September, 2013
 

This documentation applies to the following versions of Splunk® App for Unix and Linux (Legacy): 5.0

