
Could not find the forwarder details in the Splunk Web Splunk App for Unix?

ariel123
Engager

Hi,
I have 2 Nix servers set up as below. I can't seem to find any of the Nix#2 data, such as CPU and other system info, in Splunk Web's Splunk App for Unix. All I can see is the information for Nix#1. Splunk Web is hosted on Nix#1.

I'm sure Nix#2 is connected to Nix#1, as I can see an established connection via netstat -an | grep 9997 when run on Nix#1, and the splunkd.log on Nix#2 shows that it is connected to idx=:9997

Nix#1
- Splunk Enterprise (7.0.1)
- Splunk App for Unix
- Splunk Add-on for Unix and Linux
- Set up receiver (port 9997) via command line

Nix#2
- Splunk forwarder (7.0.1)
- Splunk Add-on for Unix and Linux
- Set up to send data to Nix#1 via splunk add forward-server :9997

Any idea?

Thanks.

0 Karma

harsmarvania57
Ultra Champion

Hi @ariel123,

Please follow the steps below to configure this properly.

1.) splunk add forward-server :9997 is not correct; you need to execute the command $SPLUNK_HOME/bin/splunk add forward-server <NIX 1 FQDN or IP>:9997 on Nix#2.
2.) When you install Splunk Add-on for Unix and Linux on Nix#2, you need to enable different monitoring. You can copy $SPLUNK_HOME/etc/apps/Splunk_TA_nix/default/inputs.conf to $SPLUNK_HOME/etc/apps/Splunk_TA_nix/local/inputs.conf (if the local directory is not present in Splunk_TA_nix, please create it).
3.) Enable monitoring based on your requirements on Nix#2 in $SPLUNK_HOME/etc/apps/Splunk_TA_nix/local/inputs.conf by changing disabled=1 to disabled=0.
4.) Restart splunkforwarder on Nix#2.
5.) Check on Nix#1 using the Splunk query index=os host=Nix#1. If you get output after executing this query, then you can play with Splunk App for Unix.

I hope this helps.

Thanks,
Harshil

0 Karma
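
Steps 2 and 3 of the answer above as a script, added here as an example and not part of the original posts or of the add-on. It writes local/inputs.conf from default/inputs.conf and flips disabled = 1 to disabled = 0 only in the stanzas you name, so nothing beyond the inputs you asked for starts collecting. The function names enable_inputs and make_sample are hypothetical, the sample file is constructed, and the stanza names are assumptions to check against your own default/inputs.conf.

```shell
#!/bin/sh
# Added example (not from the thread): build local/inputs.conf from
# default/inputs.conf, enabling only the stanzas named on the command line.

# enable_inputs SRC DST STANZA...
#   STANZA is a header without brackets, e.g. script://./bin/cpu.sh
enable_inputs() {
    src=$1; dst=$2; shift 2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    mkdir -p "$(dirname "$dst")" || return 1     # step 2: create local/ if absent
    # Hand the wanted stanzas to awk through the environment, one per line.
    WANTED=$(printf '%s\n' "$@") awk '
        BEGIN {
            n = split(ENVIRON["WANTED"], w, "\n")
            for (i = 1; i <= n; i++) if (w[i] != "") want["[" w[i] "]"] = 1
        }
        /^\[/ { active = ($0 in want) }            # entering a new stanza
        # step 3: flip disabled=1 to disabled=0, only inside wanted stanzas
        active && /^[ \t]*disabled[ \t]*=[ \t]*1[ \t]*$/ { print "disabled = 0"; next }
        { print }
    ' "$src" > "$dst"
}

# Constructed sample standing in for the add-on's default/inputs.conf.
make_sample() {
    mkdir -p "$1/default" && cat > "$1/default/inputs.conf" <<'EOF'
[script://./bin/cpu.sh]
interval = 30
sourcetype = cpu
index = os
disabled = 1

[script://./bin/vmstat.sh]
interval = 60
sourcetype = vmstat
index = os
disabled = 1
EOF
}

# On the forwarder (paths as given in the answer), then restart it (step 4):
#   app=$SPLUNK_HOME/etc/apps/Splunk_TA_nix
#   enable_inputs "$app/default/inputs.conf" "$app/local/inputs.conf" script://./bin/cpu.sh
#   $SPLUNK_HOME/bin/splunk restart
```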

ariel123
Engager

Hi Harshil,
Thanks. The issue was that cpu.sh wasn't displaying info on Ubuntu. It works on Red Hat though, so I'll use the forwarder on Red Hat for now.
Cheers.

0 Karma