Splunk® App for Unix and Linux (Legacy)

Install and Use the Splunk App for Unix and Linux


On March 13, 2022, the Splunk App for Unix and Linux will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app has migrated to a content pack in Data Integrations. Learn about the Content Pack for Unix Dashboards and Reports. The Splunk Add-on for Unix and Linux remains supported.
This documentation does not apply to the most recent version of Splunk® App for Unix and Linux (Legacy). For documentation on the most recent version, go to the latest release.

Install the Splunk App for Unix and Linux

This topic guides you through the steps required to install the Splunk App for Unix and Linux.

The installation package for the Splunk App for Unix and Linux contains:

  • Dashboards, reports, alerts, lookups, and macros for use with Splunk Web.

The Splunk Add-on for Unix and Linux (Splunk_TA_Nix) is available as a separate download from Splunkbase. It is no longer part of the Splunk App for Unix and Linux package.

You can install the Splunk App for Unix and Linux package using Splunk Web or from the command line, on a full Splunk instance only. You cannot install the app onto a universal forwarder, because you must have Splunk Web to use the app.

Install the Splunk App for Unix and Linux from within Splunk Web

To install the Splunk App for Unix and Linux from within Splunk Web:

  1. Log into Splunk on the system on which you want to install the Splunk App for Unix and Linux. Splunk loads the Home screen.
  2. In the "Home" screen, click Find More Apps in the lower left-hand corner of the screen. Splunk loads the Browse more apps screen.
  3. In the "Browse more apps" screen, locate the Splunk App for Unix and Linux in the list, or type in "Splunk App for Unix and Linux" in the search box at the upper right hand corner of the screen.
  4. In the "Splunk App for Unix and Linux" entry in the list, click the Install Free button. Splunk installs the Splunk App for Unix and Linux, as well as the Splunk Add-on and Supporting Add-on for Unix and Linux.
  5. Restart Splunk to complete the app installation.
  6. Proceed to the "Log in and get started" page to continue using the app.

Install the Splunk App for Unix and Linux in Splunk Web from a downloaded file

Alternatively, you can download the Splunk App for Unix and Linux package and install it using Splunk Web:

  1. Download the Splunk app for Unix and Linux from Splunk Apps and save it to an accessible location. Note: The file downloads with a .tar.gz extension. Do not attempt to run this file.
  2. Log into Splunk on the system on which you want to install the Splunk App for Unix and Linux.
  3. In the Home screen, click Manage Apps. Splunk loads the "Apps" screen.
  4. Click Install App from file. Splunk loads the Upload app screen.
  5. Click the Choose file button to locate the installation package you just downloaded.
  6. Click Upload. Splunk installs the Splunk App for Unix and Linux, as well as the Splunk Add-on and Supporting Add-on for Unix and Linux.
  7. Restart Splunk to complete the app installation.
  8. Proceed to the "Log in and get started" page to continue using the app.

Install the Splunk App for Unix and Linux from the command line

To install the Splunk App for Unix and Linux from the command line:

  1. Download the Splunk app for Unix and Linux from Splunk Apps, if you haven't already. Note: The file downloads with a .tar.gz extension. Do not attempt to run this file.
  2. Unpack the file into an accessible location.
  3. Copy the splunk_app_for_nix directory to $SPLUNK_HOME/etc/apps.
  4. Restart Splunk to complete the app installation.
  5. Proceed to the "Log in and get started" page to continue using the app.
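The command-line steps above, as an added shell example that is not part of the Splunk documentation. The function names are hypothetical, the package path and SPLUNK_HOME are passed in by the caller, and refusing to overwrite an existing app directory is a choice made for this example.

```shell
#!/bin/sh
# Added example: staged command-line install of the app package.
APP_DIR="splunk_app_for_nix"   # directory name from step 3 on this page

# Succeeds only if the archive lists cleanly and every member is a relative
# path under $APP_DIR/ with no ".." component. Checks names only; it does
# not inspect symlink targets.
archive_is_contained() {
    list=$(tar -tzf "$1" 2>/dev/null) || return 1
    [ -n "$list" ] || return 1
    while IFS= read -r member; do
        member=${member#./}
        case "$member" in
            /*|..|../*|*/..|*/../*) return 1 ;;   # absolute path or traversal
            "$APP_DIR"|"$APP_DIR"/*) ;;           # expected location
            *) return 1 ;;                        # anything outside the app dir
        esac
    done <<EOF
$list
EOF
    return 0
}

# install_nix_app PACKAGE SPLUNK_HOME
# Unpacks into a scratch directory (step 2), then copies the app directory
# into etc/apps (step 3). The restart in step 4 is left to the caller.
install_nix_app() {
    pkg="$1"; apps="$2/etc/apps"
    [ -f "$pkg" ]  || { echo "package not found: $pkg" >&2; return 1; }
    [ -d "$apps" ] || { echo "no etc/apps under $2" >&2; return 1; }
    # Assumption of this example: never unpack over an existing install.
    [ ! -e "$apps/$APP_DIR" ] || { echo "$apps/$APP_DIR already exists" >&2; return 1; }
    archive_is_contained "$pkg" || { echo "unexpected paths in $pkg" >&2; return 1; }

    stage=$(mktemp -d) || return 1
    tar -xzf "$pkg" -C "$stage" && cp -R "$stage/$APP_DIR" "$apps/"
    rc=$?
    rm -rf "$stage"
    return $rc
}

# Typical use (the package file name is a placeholder):
#   install_nix_app ./PACKAGE.tar.gz "$SPLUNK_HOME" && "$SPLUNK_HOME/bin/splunk" restart
```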

Upgrade the Splunk App for Unix and Linux from previous versions

The SA-nix file is not included in versions 5.2.2 and later of the Splunk App for Unix and Linux. Manually delete SA-nix from your apps folder when upgrading from any version 5.2.1 and earlier.

To keep the categories and groups that you have configured:

  1. Copy (back up) the dropdowns.csv file found in etc/apps/SA-nix/lookups/ for a single-instance deployment, or in $SPLUNK_HOME/etc/shcluster/apps for a distributed deployment.
  2. Move your backup of the dropdowns.csv file into etc/apps/splunk_app_for_nix/lookups/ for a single-instance deployment, or into $SPLUNK_HOME/etc/shcluster/apps for a distributed deployment.
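The upgrade steps above for a single-instance deployment, as an added shell example that is not part of the Splunk documentation. The function name and the backup directory argument are hypothetical. SA-nix is deleted only after the lookup file has been copied and both copies compare identical to the original.

```shell
#!/bin/sh
# Added example: keep dropdowns.csv, then remove SA-nix (single instance only).
# $1 = SPLUNK_HOME
# $2 = backup directory outside etc/apps (hypothetical, chosen by the caller)
preserve_dropdowns_and_remove_sa_nix() {
    apps="$1/etc/apps"
    backup_dir="$2"
    old="$apps/SA-nix"
    src="$old/lookups/dropdowns.csv"
    dst="$apps/splunk_app_for_nix/lookups/dropdowns.csv"

    # Nothing to do when SA-nix is already gone.
    [ -d "$old" ] || return 0

    # The new app must be installed first, or the lookup has nowhere to go.
    [ -d "$apps/splunk_app_for_nix" ] || {
        echo "install splunk_app_for_nix before removing SA-nix" >&2
        return 1
    }

    if [ -f "$src" ]; then
        mkdir -p "$backup_dir" "${dst%/*}" || return 1
        # Step 1: back up the configured categories and groups.
        cp -p "$src" "$backup_dir/dropdowns.csv" || return 1
        # Step 2: place the backup in the new app's lookups directory.
        cp -p "$backup_dir/dropdowns.csv" "$dst" || return 1
        # Delete nothing unless both copies match the original byte for byte.
        cmp -s "$src" "$backup_dir/dropdowns.csv" || return 1
        cmp -s "$src" "$dst" || return 1
    fi

    # Manual removal of SA-nix, as the page requires for 5.2.1 and earlier.
    rm -rf "$old"
}
```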

From version 5.0.x

You can upgrade directly from version 5.0 of the Splunk App for Unix and Linux through Splunk's in-app upgrade feature within Splunk Web, or from the command line.

From version 4.6.x and earlier

There is no supported upgrade path from version 4.6 of the Splunk App for Unix and Linux to this version. If you want, it is possible to run both version 4.6 and other versions simultaneously.

The installation package for this version of the app installs into a different directory than version 4.6. Once you have installed this version, you can then configure this version of the app to use the same indexes and source types that the version 4.6 app uses.

For detailed installation instructions, read "Install the Splunk App for Unix and Linux" in this manual.

Caution: Do not attempt to install this version of the app into the same directory of a version before 5.0. That is not supported and can render both versions of the app unusable.

Once you have configured and evaluated this version of the app, you can then remove the 4.6 version at a later date. No data loss will occur.

For information on any known issues in this version, review the release notes.

Last modified on 24 October, 2018

This documentation applies to the following versions of Splunk® App for Unix and Linux (Legacy): 5.2.3, 5.2.4

