- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- How can I get the scripts that are found within th...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How can I get the scripts that are found within the Splunk Add-on for Linux and UNIX to generate and send us the information?
Hey Guys,
So I'm looking into an issue; getting the scripts that are found within the Splunk Add-on for Linux and UNIX to generate and send us the information. Currently only the monitored inputs are working correctly, sending its data parsed as expected. (https://docs.splunk.com/Documentation/UnixAddOn/5.2.4/User/InstalltheSplunkAdd-onforUnixandLinux). We are using the Deployment server to distribute the Splunk_TA_nix application to the linux nodes.
Our Setup: Server 2012 R2 (Indexer/Deployment Server) sending the Splunk_TA_nix to the Red hat Linux servers, all the monitored inputs are working to send its data back and can view the source types parsed and working as expected, none of the scripts are working. Anything that looks like: [script://./bin/my_script.sh] doesn't work, Do you know why?
In my research I've found people who seem to have similar issues:
https://answers.splunk.com/answers/60060/how-to-set-automatically-executable-attribute-of-file-in-sp...
https://answers.splunk.com/answers/45408/splunk-not-showing-linux-logs.html - Permission issue was resolved in Kristian kolb's reply.
https://answers.splunk.com/answers/102439/app-for-linux-on-windows-indexer.html - Others who are confused on how to use this app when hosted on a windows box.
https://answers.splunk.com/answers/237809/why-am-i-getting-this-error-trying-to-configure-th.html
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can troubleshoot why your scripts are not working, but it is more than likely a permissions issue if you enabled inputs in your inputs.conf and you still do not see your data. You can do this:
Navigate to $SPLUNK_HOME/etc/apps/Splunk_TA_nix/bin.
Run sh --debug to run the script in debug mode.
The debug output is saved in debug----. This file contains the command that was executed, and its output or the failure reason. Use this information to resolve the missing data issue.
Also, for what it is worth, it is NOT recommended to run a Deployment Server and an Indexer on the same server. Especially a Windows box.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
By default the scripted inputs are disabled (disabled = 1). Enable the inputs that you want the add-on to monitor by setting the disabled attribute for each input stanza to 0. Be sure to do this editing under local/inputs.conf
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
Introducing the 2024 SplunkTrust!
