Other deployment considerations
In many applications, the Splunk App for Unix and Linux suite installs on a *nix server and collects data from that server. You then use Splunk Web to browse the app's included dashboards, reports, and saved searches to gain insight into that data.
Additional uses for the app and add-on
There are additional uses for the app and add-on:
- You can use the add-on to collect *nix data from a number of *nix machines by installing a universal forwarder on each machine and deploying the app to those forwarders. Once the app is installed on each forwarder, you can then forward the data to a receiving indexer that is running the full app. Read "Deploy the Splunk App for Unix and Linux in a distributed Splunk environment" for additional information and instructions.
- You can install the app on a Splunk instance running on Windows. This instance can be an indexer or a search head. In this configuration, you must disable all included inputs that come with the app. Read "Search data received from a forwarder running on a different operating system" for additional details.
- You can also install the add-on on an indexer to provide data inputs for another app installed on that indexer, such as the Splunk App for Enterprise Security.
- If you install the Splunk App for Unix and Linux in a distributed environment and have configured the search heads in that environment to send data to the indexers, you might need to deploy the indexes.conf included with the Splunk Supporting Add-on for Unix and Linux component (SA-nix/default/indexes.conf) onto your indexers to make sure that the unix_summary summary index is available. Failure to do so might cause issues with alerts for the app, as alerts use this special index.
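The following added example (not code from Splunk or from this documentation) shows one way to check two of the conditions above from configuration text: that the unix_summary index is defined and not disabled on an indexer, and that no included input remains enabled on a Windows instance. The function names, the sample stanzas, and the simplified handling of the disabled flag are assumptions made for illustration.

```python
# Added example. The .conf text below is constructed sample data, not the
# contents of the real SA-nix or add-on files.
TRUE_VALUES = {"1", "true"}  # simplification of the boolean spellings handled

def parse_conf(text):
    """Parse Splunk .conf text into {stanza: {key: value}}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = stanzas.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def layer(default_text, local_text=""):
    """Apply local/ settings over default/ settings, key by key."""
    merged = parse_conf(default_text)
    for stanza, settings in parse_conf(local_text).items():
        merged.setdefault(stanza, {}).update(settings)
    return merged

def is_disabled(settings):
    return settings.get("disabled", "0").lower() in TRUE_VALUES

def index_available(conf, name="unix_summary"):
    """True when the index stanza exists and is not disabled."""
    return name in conf and not is_disabled(conf[name])

def enabled_inputs(conf):
    """Input stanzas still enabled; must be empty on a Windows instance."""
    return sorted(s for s, v in conf.items() if s != "default" and not is_disabled(v))

INDEXES_CONF = """
[unix_summary]
homePath = $SPLUNK_DB/unix_summary/db
"""
INPUTS_DEFAULT = """
[script://./bin/sample_cpu.sh]
disabled = 0
[monitor:///var/log]
disabled = false
"""
INPUTS_LOCAL = """
[script://./bin/sample_cpu.sh]
disabled = 1
"""
```

With the constructed samples, the local override disables only the script input, so the monitor input is still reported as enabled and would need its own override.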
This documentation applies to the following versions of Splunk® App for Unix and Linux: 5.0