Troubleshoot the Splunk App for Unix and Linux
You can troubleshoot your Splunk App for Unix and Linux deployment if you are experiencing errors or if you are not seeing the data that you expect.
The bubble color differs from the actual value
The bubble in the chart shows the value of the selected parameter from the dropdowns. The color bar sets the color of the bubble, and the color bar shows a value between 1 to 100. If the bubble value is greater than 100, then the value is scaled to keep the number under 100.
Error about the
unix_summary index when enabling alerts
This error occurs when you are running a version 5.2.1 or earlier of the Splunk App for Unix and Linux and have not distributed the
indexes.conf file to all indexers in your instance. Alerts require this index to function correctly.
Missing or invalid
This error occurs when you skip the first-time configuration screen. Complete these two steps to fix it:
- Configure the app by selecting Settings from the main app menu.
- From the Settings screen, select Categories.
CPU information is not displaying
This error occurs when the
sysstat package is not installed on the system that hosts the app. Use your system's package manager to install the package.
Ubuntu systems do not ship with this package by default. Run the following command to add it:
apt-get install sysstat
Amazon EC2 Amazon Machine Image (AMI) systems also do not ship with this package installed by default. Run the following command to add it:
yum -y install sysstat
Home and Metrics views do not display data
If your Home and Metrics views do not display any data, navigate to the
web.conf file on the Splunk platform instance that runs the app and add the following stanza:
[settings] minify_js = True
If you set
minify_js to False, views do not load.
The value of
pctCPU calculates across all CPU, and not per individual cores. Use searches such as the following to split
pctCPU into smaller units:
Unable to change colors in radial graph on the Home Dashboard
if you move down the second color picker, and cross it with the first color picker, the bottom-most color does not update due to a technical limitation.
To reflect the changes, refresh the page.
Use the Alerts dashboard
Create custom alerts
This documentation applies to the following versions of Splunk® App for Unix and Linux: 6.0.0, 6.0.1