- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Splunk App for Unix and Linux: Why doesn't the app...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I was finally able to get data into the "os" index by creating it manually, but none of the source types exist. I see the data in a preview, but in the dashboards, nothing works.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Do you also have the TA installed?
The way I have understood it in the past is that the search head application will lay the groundwork for the indexes, sourcetypes, etc. No data will be populated in those areas until the TA puts the proper props.conf in place. Hope that helps.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Do you also have the TA installed?
The way I have understood it in the past is that the search head application will lay the groundwork for the indexes, sourcetypes, etc. No data will be populated in those areas until the TA puts the proper props.conf in place. Hope that helps.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, you need to deploy the add-on onto your Unix systems. See What a Splunk App for Unix and Linux deployment looks like in the documentation.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, i was missing the TA on the search head even though it was installed on the remote hosts.
Sort of misleading since when you install the TA it says in big red letters (do not install on non *nix)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thats strange. I just installed it on a new 6.5 instance and the only thing I had to do was enable the metrics I wanted to see in the Splunk_TA_nix.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So you see data in preview but not in sourcetypes, and you have the TA on the remote server. Sounds like the sourcetype and possibly field extractions might not have been created either. Especially if you can see the data in a query outside the app. Either that or it could be a permissions issues I guess if your account doesn't have access to some of the data, but that seems unlikely since you see the data in preview.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm using 6.3 on a windows server with information being forwarded via the add on from a remote unix server.
ICYMI - Check out the latest releases of Splunk Edge Processor
Introducing the 2024 SplunkTrust!
Introducing the 2024 Splunk MVPs!
