Splunk® App for Unix and Linux (Legacy)

Install and Use the Splunk App for Unix and Linux

Acrobat logo Download manual as PDF


On March 13, 2022, the Splunk App for Unix and Linux will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app has migrated to a content pack in Data Integrations. Learn about the Content Pack for Unix Dashboards and Reports.The Splunk Add-on for Unix and Linux remains supported.
This documentation does not apply to the most recent version of Splunk® App for Unix and Linux (Legacy). For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Platform and hardware requirements

This topic discusses the underlying requirements for running both the Splunk App and the Splunk Add-on for Unix and Linux.

What versions of Splunk Enterprise does the app support?

The Splunk App for Unix and Linux supports Splunk Enterprise versions 7.3.x, 8.0.x, 8.1.x, and 8.2.0.

Distributed installation of this app

This table provides a quick reference for installing this app onto a distributed deployment of Splunk Enterprise.

Splunk instance type Supported Required Comments
Search Heads Yes Yes Install this app onto all search heads where you require knowledge management.
Indexers Yes Conditional The Splunk App for Unix and Linux does not require installation on indexers except in the case where you forward search head data to those indexers. If that is true, you must install the app onto those indexers. If you want to collect *nix data from those indexers, you must also install the Splunk Add-on for Unix and Linux (Splunk_TA_nix) onto the indexers.
Heavy Forwarders Yes No The Splunk App for Unix and Linux does not do anything when you install it on a heavy forwarder unless that forwarder is also a search head. If you want to collect *nix data from the HF, you must also install the Splunk Add-on for Unix and Linux (Splunk_TA_nix) component.
Universal Forwarders No No Use universal forwarders to get the data you need for the app. While the app does nothing when you install it on a universal forwarder, you can install the Splunk Add-on for Unix and Linux (Splunk_TA_nix) component on forwarders and send data to the Splunk App for Unix and Linux indexers.

Distributed deployment compatibility

This table provides a quick reference for the compatibility of this add-on with Splunk distributed deployment features.

Distributed deployment feature Supported Comments
Search Head Clusters Yes You can install this app on a search head cluster. Follow the procedures that this manual outlines to get the data for the app, then install the app on the cluster.

Install the Splunk App for Unix and Linux on a search head cluster

Indexer Clusters Yes Before you start the Splunk App for Unix and Linux installation, configure your indexer cluster.
Deployment Server Yes You can use a deployment server to distribute the Splunk Add-on for Unix and Linux (Splunk_TA_nix) component onto hosts with installed universal forwarders to collect *nix data.


Hardware and operating system requirements

The Splunk App for Unix and Linux installs directly onto a Splunk search head or indexer. It can be configured either through the app's setup user interface in Splunk Web or manually via the command line.

The Splunk Add-on for Unix and Linux installs onto either an indexer or a universal forwarder. When installed on an indexer, the add-on can be configured either through the app's setup user interface in Splunk Web or manually via the command line. When installed on a universal forwarder, the add-on must be configured manually via the command line.

Both the full app and the add-on install on Splunk instances running on many versions of Unix, including Linux, Solaris, AIX, and HP/UX.

Hardware requirements for the Splunk App for Unix and Linux depend on what you plan to do with the app. At a minimum, your hardware should meet or exceed the minimum hardware requirements for Splunk itself.

Official support

While the Splunk App for Unix and Linux can be installed on any version of *nix that Splunk supports, only the following versions have official support:

  • For installation of the Splunk App for Unix and Linux, on search heads: Linux, any version that Splunk supports.
  • For installation of the Splunk Add-on for Unix and Linux, on universal forwarders: All versions of *nix listed in the Unix operating systems section of the core Splunk platform's System requirements topic.

Installing the Splunk Add-on for Unix and Linux onto a Windows Splunk instance has no effect.

What web browsers does the app support?

The Splunk App for Unix and Linux is not supported on any version of Internet Explorer because it makes heavy use of scalable vector graphics (SVG), a standard for which IE has limited support.

It can, however, be used on any other Splunk-supported browser.

What other items do the app and add-on require?

The Splunk Add-on for Unix and Linux requires the sysstat package to function properly. You can download the sysstat utilities from the sysstat utilities download page or from your local package repository (depending on the version of *nix your system runs.)

What are the other prerequisites?

The following table provides compatibility of Splunk App for Unix and Linux with different Splunk Add-on for Unix and Linux versions and Splunk versions:

Compatible Unix App version Compatible Nix Add-on version Compatible Splunk Version
6.0.0 8.1.0, 8.2.0 7.3.x, 8.0.x, 8.1.x, 8.2.0
Last modified on 25 May, 2021
PREVIOUS
Splunk App for Unix and Linux
  NEXT
What data the Splunk App and Splunk Add-on for Unix and Linux collect

This documentation applies to the following versions of Splunk® App for Unix and Linux (Legacy): 6.0.0, 6.0.1


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters