No *nix logs generating

mohmed935
Engager

I'm not very familiar with the Unix OS. I have installed Splunk 4.1.2 on HP-UX 11.23 Itanium. I enabled the unix apps and also enabled collection of local statistics. I couldn't see anything in search or in the unix app, i.e. no sources, no source types, no hosts. Am I missing something?

dmlee
Communicator

As far as I know, the *NIX app currently doesn't support HP-UNIX; you need to modify the shell scripts yourself. We are also looking for a professional to modify those scripts for HP-UNIX.

0 Karma

virtualdll
New Member

I got the hpux splunk tar and untarred it to /home2/splunk... I've tried:

chmod -R a=rwx ./splunk

chown -R root:sys ./splunk

I start splunk as root user using ./splunk start --accept-license

I've tried giving the admin user all roles and putting the os index in the admin role. I can get data from existing files, but what I really want to do is get data from the nix runtime stuff, i.e.:

*nix app also indexes output from common system tools:

- top: top processes on host
- vmstat: memory usage info
- iostat: io throughput
- ps: all process info
- netstat: network status and throughput
- protocol: detailed network throughput
- interfaces: stats per link-level Ethernet interface
- open ports: snapshot of open ports
- time: clock details
- lsof: open files per user, process
- df: disk and volume usage
- who: current active user sessions
- users with privileges: users with login accounts
- lastlog: last login time for users who have ever logged in
- cpu: shows stats per CPU
- rlog: auditd logs translated with ausearch
- packages: current installed packages
- hardware: details of host hardware

0 Karma

dritan
Engager

Check and see if you have the right permissions on the folders or files being logged. For example, most folders/files in /var/log* are owned by root. You need to give Splunk a way to read those logs - either run splunk as root OR put the splunkuser in an admin group that has read permissions on said location.

0 Karma

virtualdll
New Member

I kept all the defaults and I have the same OS and problem. I've tried what you said, and everything is enabled and the roles are set and assigned correctly. Not sure what's going on. Is there anything else that can be done?

0 Karma

thall79
Communicator

When you enabled the Nix app, it may be sending all the data to a different index. I think ours was sent to index=os.

Log in as a Splunk admin, go to Manager - Indexes, and look for the index named "os". This should be enabled and assigned to the unix app. If so, you will need to go back to Manager - Access control - Roles. If you have created a role for your users, select that role, or open the admin role, and scroll down until you see default indexes; under selected indexes, verify that the "os" index is added.

This should give your admin account default access to that index so you will not have to add index=os to your searches.

travis.
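
The two things this thread keeps circling, whether the scripted inputs are enabled at all and which index they write to, can be read straight from the app's inputs.conf. The script below is an added example, not code from any poster or from the app; the sample stanzas are constructed for illustration, while `disabled` and `index` are standard inputs.conf settings. Pass it the path to the inputs.conf you want to check.

```shell
#!/bin/sh
# Added example (not from the thread): summarise the scripted inputs in a
# Splunk inputs.conf so disabled inputs and their target index are visible.

# Constructed sample in the style of a *nix app inputs.conf; stanza names
# and values are illustrative, not copied from the app.
write_sample_inputs() {
    cat > "$1" <<'EOF'
# constructed sample
[script://./bin/vmstat.sh]
interval = 60
sourcetype = vmstat
index = os
disabled = 1

[script://./bin/df.sh]
interval = 300
index = os
disabled = 0

[script://./bin/who.sh]
interval = 150

[monitor:///var/log]
index = os
EOF
}

# Print "<stanza> <enabled|disabled> <index>" for each [script://...] stanza.
# Assumption: a missing "disabled" means enabled, and a missing "index" is
# shown as "default".
list_script_inputs() {
    awk '
        function emit() {
            if (name != "") print name, (dis ? "disabled" : "enabled"), idx
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]*\[/ {
            emit(); name = ""; dis = 0; idx = "default"
            line = $0
            sub(/^[ \t]*\[/, "", line); sub(/\][ \t]*$/, "", line)
            if (line ~ /^script:\/\//) name = line
            next
        }
        name != "" && (eq = index($0, "=")) > 0 {
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "disabled") dis = (tolower(val) ~ /^(1|true)$/)
            if (key == "index") idx = val
        }
        END { emit() }
    ' "$1"
}
```

Any input reported as `disabled` produces no events, and any input reported with an index that the searching role does not include by default will only appear when the search names that index explicitly.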