Splunk® App for Unix and Linux

Install and Use the Splunk App for Unix and Linux


This documentation does not apply to the most recent version of UnixApp.

Troubleshoot the Splunk App for Unix and Linux

This topic discusses how you can troubleshoot your Splunk App for Unix and Linux deployment if you are experiencing errors or are not seeing the data that you expect.

When you enable alerts you receive an error about the unix_summary index

This error occurs because you have version 5.2.1 or earlier of the Splunk App for Unix and Linux installed, and have not distributed the indexes.conf that comes with the Splunk Supporting Add-on for Unix and Linux (SA-nix/default/indexes.conf, contained in versions 5.2.1 and earlier) to all of the indexers in your Splunk App for Unix and Linux instance. Alerts require this special index to function correctly.

The app complains about a missing or invalid dropdowns.csv

This error occurs when you skip the first-time configuration screen. To fix it, configure the app by selecting "Settings" from the main app menu, and from the Settings screen, selecting "Categories."

The app does not display CPU information

This error occurs because the sysstat package, which must be installed on the system that hosts the app, is missing. Use your system's package manager to install the package and resolve the problem.

Note: Ubuntu systems do not ship with this package by default. Use the following command to add it:

   apt-get install sysstat

Amazon EC2 Amazon Machine Image (AMI) systems also do not ship with this package installed by default. Use the following command to add the package:

   yum -y install sysstat

The "Home" and "Metrics" views do not display any data

If the "Home" and "Metrics" views do not display any data, open the web.conf file located in app_unix/default/ on the Splunk platform instance that runs the app and add the following setting:

minify_js = True

If minify_js = False is set in the web.conf file, views of the app will not load, the app fails to load jquery-1.6.2 data, and no error message displays in the user interface.

Split pctCPU

The value of pctCPU is calculated across all CPUs, not per individual core. Use searches such as the following to split pctCPU into smaller units:

Search                                       Description
tag=cpu | stats avg(pctUser)                 average cpu.user over all CPUs
tag=cpu | stats avg(pctUser) by CPU          average cpu.user per CPU
tag=cpu CPU=1 | stats avg(pctUser) by CPU    average cpu.user of CPU 1

This documentation applies to the following versions of Splunk® App for Unix and Linux: 5.2.3
