I have installed the Unix Add-on on a Unix machine forwarder by following the steps given in the document below. Then I installed the Splunk App for Unix on the search head and the Unix Add-on on the indexer (which is a search peer), but I am not getting any Unix data in the Unix App on the search head.
I looked in the log files and found the errors below on the search head:
02-19-2014 17:44:21.874 +0530 INFO ExecProcessor - New scheduled exec process: python "E:\Program Files\Splunk\etc\apps\splunk_app_for_nix\bin\scripted_inputs\dependency_manager.py"
02-19-2014 15:40:54.428 +0530 WARN BundleArchiver - Filtered nothing out of E:\Program Files\Splunk\etc\apps\splunk_deployment_monitor\metadata\local.meta, but size still changed: original_size=78, filtered_size=75, cosmetic_bytes=
Please help.
Regards,
Disha
Do you find any data if you search index=os?
Is the search head a deployment server as well?
Did you configure the application before you deployed it?
No, I don't get any data if I run index=os.
The search head is not a deployment server. In fact, I am not using a deployment server as of now.
Yes, I have configured the application with the default inputs. Regarding the configuration of the application, if you need to know any specific details, please let me know.
Regards,
Disha
I forgot to paste the link to the document I referred to; please find it below:
http://docs.splunk.com/Documentation/UnixApp/latest/User/AbouttheSplunkAppforUnix