Splunk® App for Unix and Linux (Legacy)

Install and Use the Splunk App for Unix and Linux

On March 13, 2022, the Splunk App for Unix and Linux will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app has migrated to a content pack in Data Integrations. Learn about the Content Pack for Unix Dashboards and Reports.The Splunk Add-on for Unix and Linux remains supported.
This documentation does not apply to the most recent version of Splunk® App for Unix and Linux (Legacy). For documentation on the most recent version, go to the latest release.

Release notes

This topic contains information on new features, known issues, and updates as we version the Splunk App for Unix and Linux.

What's new

Here's what's new in the latest version of the Splunk App for Unix and Linux:

  • A brand-new interface that allows for customization and configuration, and can display information on a large number of hosts.
  • Numerous bug fixes to underlying scripts and search language from the previous version.

Current known issues

The Splunk App for Unix and Linux has the following known issues:

  • Attempting to install the Splunk App for Unix and Linux from the Splunk Web GUI results in a 500 Internal Server Error. To work around the issue, install the Splunk App for Unix and Linux manually. (NIX-569, BASE-1945)
  • When you install the app and point it at the indexes which contain your *nix data, it might take up to 15 seconds for that data to begin showing up in the app. This is due to lookup generation. (NIX-467)
  • The colors in the Metrics Viewer graphs do not update correctly if you transpose sliders in the Metrics Viewer's threshold bar. (NIX-428)
  • When in node view, the Hosts dashboard sometimes shows inconsistent colors with respect to the detailed view colors. (NIX-353, NIX-409)
  • When you use Firefox to access the Splunk App for Unix and Linux, the radial graphs in the Home dashboard sometimes do not display correctly. The slices within the graphs sometimes spill out of their containers. To work around the problem, refresh the page. (NIX-370, NIX-413)
  • On HP/UX systems, there is no way to obtain the number of threads on a system. This means that the vmstat scripted inputs will always return "?" for threads columns on HP/UX.
  • On Solaris systems, the hardware.sh scripted input sometimes returns empty values for some entries. (NIX-42)
  • If you clone an existing alert saved search, you cannot edit the search using the "Settings: Alerts" configuration page. (NIX-537)
  • You cannot create custom alerts using Splunk Web; you must do so with configuration files. (NIX-536)
  • If you remove the default group, you sometimes receive an error "Unknown search command: 'all'" when you load the Home page. (NIX-560)
  • In the Hosts page, if you do not wait for all data on a host information card to load before pinning that card, when you select another host, the original host information card does not remain pinned. (NIX-320)
Last modified on 01 October, 2013
Search macros   Third-party software attributions/credits

This documentation applies to the following versions of Splunk® App for Unix and Linux (Legacy): 5.0

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters