Troubleshoot the Splunk App for Unix and Linux
This topic discusses how you can troubleshoot your Splunk App for Unix and Linux deployment if you are experiencing errors or are not seeing the data that you expect.
When you enable alerts you receive an error about the unix_summary
index
This error occurs because you have not distributed the indexes.conf
that comes with the Splunk Supporting Add-on for Unix and Linux (SA-nix/default/indexes.conf
to all of the indexers in your Splunk App for Unix and Linux instance). Alerts require this special index to function correctly.
The app complains about a missing or invalid dropdowns.csv
This error occurs when you skip the first-time configuration screen. To fix it, configure the app by selecting "Settings" from the main app menu, and from the Settings screen, selecting "Categories."
The app does not display CPU information
This error occurs because the sysstat
package is not installed on the system that hosts the app, and must be. Use your system's package manager to install the package and resolve the problem.
Note: Ubuntu systems do not ship with this by default and you must use the following command to add it:
apt-get install sysstat
Amazon EC2 Amazon Machine Image (AMI) systems also do not ship with this package installed by default. Use the following command to add the package:
yum -y install sysstat
The "Home" and "Metrics" views do not display any data
If "Home" and "Metrics" views do not display any data, navigate to the web.conf
file on the Splunk platform instance that runs the app and add the following section:
[settings] minify_js = True
If minify_js = False
is enabled in the web.conf file, views of the app will not load app fails to load jquery-1.6.2 data, and no error message will display in the user interface.
Use the Alerts dashboard | Create custom alerts |
This documentation applies to the following versions of Splunk® App for Unix and Linux (Legacy): 5.2.1
Feedback submitted, thanks!