All Apps and Add-ons

How to configure metrics for the Splunk Add-on for Unix and Linux to forward to the Splunk Cloud Sandbox?

klausg
Explorer

Hi All

I have a forwarder watching /var/log on a AWS linux machine, and I can see the logs in the Splunk Cloud Sandbox. Now I want to add monitoring of the linux box, CPU, memory, etc.
I have unarchived splunk-add-on-for-unix-and-linux_512.tgz in /opt/splunkforwarder/etc/apps/ (where /Splunk_TA_nix is created) and restarted the forwarder.

I'm wondering how I can configure the various metrics sent to my Splunk Cloud (sandbox) instance, and how do I access the data in the web GUI?

In the Splunk web interface I'm getting the following error:

received event for unconfigured/disabled/deleted index='os' with source='source::/var/log/auth.log' host='host::ip-x-x-x-x' sourcetype='sourcetype::syslog' (1 missing total)
I do not know if it is related (but I didn't get it previously).

In general I'm missing a good how-to guide, that tells me how the Splunk Cloud setup works, for instance how the apps installed on the forwarder interacts with the Cloud, and how they are configured.
Also all my configurations on the forwarder must be done using CLI from automated (ansible) scripts.

/Klaus

0 Karma

yannK
Splunk Employee
Splunk Employee

On the cloud instance , ask your admin to
- create the missing index OS from the settings > indexes
- and install the unix app, to make sure that you have the correct parsing rules and the dashboards.

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...