Hi,
I have 2 Nix servers set up as below. I can't seem to find any of the Nix#2 data such as cpu and other system info from the splunk web's Splunk App for Unix App. All I can see is the information of the Nix#1. Splunk web is hosted in Nix#1.
I'm sure the Nix#2 is connected to Nix#1 as I could see an established connection via netstat -an | grep 9997 when run in the Nix#1 and the splunkd.log in Nix#2 shows that it is connected to idx=:9997
Nix#1
-Splunk enterprise (7.0.1)
-Splunk App for Unix
-Splunk Add-on for Unix and Linux
-Setup receiver (port 9997) via command line
Nix#2
-Splunk forwarder (7.0.1)
-Splunk Add-on for Unix and Linux
-Setup to send data to Nix#1 via splunk add forward-server :9997
Any idea?
Thanks.
Hi @ariel123,
Please follow below steps to configure this properly.
1.) splunk add forward-server :9997 is not correct; you need to execute the command $SPLUNK_HOME/bin/splunk add forward-server <NIX 1 FQDN or IP>:9997 on Nix#2.
2.) When you install Splunk Add-on for Unix and Linux on Nix#2 you need to enable different monitoring; you can copy $SPLUNK_HOME/etc/apps/Splunk_TA_nix/default/inputs.conf to $SPLUNK_HOME/etc/apps/Splunk_TA_nix/local/inputs.conf (if the local directory is not present in Splunk_TA_nix, please create it).
3.) Enable monitoring based on your requirements on Nix#2 in $SPLUNK_HOME/etc/apps/Splunk_TA_nix/local/inputs.conf by changing disabled=1 to disabled=0.
4.) Restart splunkforwarder on Nix#2.
5.) Check in Nix#1 using the Splunk query index=os host=Nix#1. After executing this query, if you get output, then you can play with Splunk App for Unix.
I hope this helps.
Thanks,
Harshil
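Steps 2 and 3 of the answer above, as an added example that is not part of the original thread or of the add-on. The function names and the sample inputs.conf are constructed for illustration; the stanza to enable is whatever the caller passes in.

```shell
#!/bin/sh
# Added example, not from the thread or the add-on. Paths follow the answer
# above; the sample inputs.conf at the bottom is constructed.

# enable_inputs APP_DIR STANZA...
#   APP_DIR: e.g. $SPLUNK_HOME/etc/apps/Splunk_TA_nix
#   STANZA:  header text without brackets, e.g. script://./bin/cpu.sh
enable_inputs() {
    app_dir=$1; shift
    src="$app_dir/default/inputs.conf"
    dst="$app_dir/local/inputs.conf"
    [ -f "$src" ] || { echo "missing $src" >&2; return 1; }
    mkdir -p "$app_dir/local"
    # Keep a copy of any existing local file instead of silently replacing it.
    if [ -e "$dst" ]; then cp -p "$dst" "$dst.bak"; fi
    # Stanza names go through the environment, one per line.
    WANTED=$(printf '%s\n' "$@") awk '
        BEGIN { n = split(ENVIRON["WANTED"], w, "\n")
                for (i = 1; i <= n; i++) want[w[i]] = 1 }
        /^\[.*\]/ { name = $0; sub(/^\[/, "", name); sub(/\][ \t]*$/, "", name)
                    on = (name in want) }
        on && /^[ \t]*disabled[ \t]*=/ { print "disabled = 0"; next }
        { print }
    ' "$src" > "$dst"
}

# enabled_inputs FILE: print the headers of stanzas that are switched on,
# to confirm what the forwarder will actually run after the restart.
enabled_inputs() {
    awk '
        /^\[.*\]/ { name = $0 }
        /^[ \t]*disabled[ \t]*=[ \t]*(0|false)[ \t]*$/ { print name }
    ' "$1"
}

# Demo on a constructed copy of the layout; nothing under $SPLUNK_HOME is touched.
demo=$(mktemp -d)
mkdir -p "$demo/default"
printf '%s\n' '[script://./bin/cpu.sh]' 'interval = 30' 'disabled = 1' \
    '[script://./bin/df.sh]' 'interval = 300' 'disabled = 1' \
    > "$demo/default/inputs.conf"
enable_inputs "$demo" 'script://./bin/cpu.sh'
enabled_inputs "$demo/local/inputs.conf"
rm -rf "$demo"
```

On the forwarder itself, pass $SPLUNK_HOME/etc/apps/Splunk_TA_nix as APP_DIR and restart the forwarder afterwards, as in step 4.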
Hi Harshil,
Thanks. The issue was that cpu.sh wasn't displaying info in Ubuntu. It works on Red Hat though so I'll use the forwarder on Red Hat for now.
Cheers.