All Apps and Add-ons

Why is there an error when configuring Splunk App for Unix and Linux on Windows Search Head?

jlucas4
Explorer

I am trying to configure the Splunk App for Unix and Linux https://splunkbase.splunk.com/app/273/ on my Search Head, but on the Settings page I am getting an error.

I know this is due to a Windows OS hosting the Search Head since the page loads fine in my test Red Had machine.
My client requires all instances on my Splunk cluster to run on Windows Server 2016, and that cannot change. The error I am getting is: ServerSideInclude Module Error! Invalid template path. C:\APP\splunk_app_for_nix\appserver\static\settings.html.

My thoughts is that this error is caused by $SPLUNK_HOME being located in the Program Files directory and the app is unable to parse the space in the directory name. Are there any suggestions of how to fix this? I suppose I could resort to moving $SPLUNK_HOME to another directory. I would prefer not do that since I am not completely confident this would resolve the issue.

alt text

EDIT:
I changed $SPLUNK_HOME to E:\Splunk, but the same error message still points to C:. I reinstalled the app and gave full permissions to everyone to all files and folders in the app but no change.

All other tabs appear to work correctly, but not the Settings tab.

0 Karma
1 Solution

nickhills
Ultra Champion

If it helps your cause, looking at the release notes, it seems it may not 'technically' be supported on windows:
https://docs.splunk.com/Documentation/UnixApp/5.2.5/User/Platformandhardwarerequirements

Official support
While the Splunk App for Unix and Linux can be installed on any version of *nix that Splunk supports, only the following versions have official support:

For installation of the Splunk App for Unix and Linux, on search heads: Linux, any version that Splunk supports.

No specific mention of windows, but I always thought it was.

If my comment helps, please give it a thumbs up!

View solution in original post

0 Karma

Bhjindal
New Member

I was able to find a workaround to this issue which was to modify the macro os_index to your index directly under Advanced Search settings. For example index=linux_logs.

0 Karma

jlucas4
Explorer

@Bhjindal I tried modifying that macro, but that didn't fix the settings page inside the app.

0 Karma

nickhills
Ultra Champion

If it helps your cause, looking at the release notes, it seems it may not 'technically' be supported on windows:
https://docs.splunk.com/Documentation/UnixApp/5.2.5/User/Platformandhardwarerequirements

Official support
While the Splunk App for Unix and Linux can be installed on any version of *nix that Splunk supports, only the following versions have official support:

For installation of the Splunk App for Unix and Linux, on search heads: Linux, any version that Splunk supports.

No specific mention of windows, but I always thought it was.

If my comment helps, please give it a thumbs up!
0 Karma

jlucas4
Explorer

I must have missed that in the documentation. I will point out to management that the app is not officially supported and see if I can run it on Linux. Thanks for your help!

0 Karma

nickhills
Ultra Champion

The link i posted in the comment makes mention of some issues with installing into the default path.

It will help with a number if issues if you install Splunk on its own volume, and ideally low down in the file structure too.
e.g. D:\splunk

With this specific issue, i wonder if the $SPLUNK_HOME variable is not set for some reason, but the path it is complaining about looks very wrong.

Another issue that the default path causes can be permission related - Splunk needs to own its own file structure, and in program files there can be restrictions on what the user running Splunk can/can not do. Moving to its own path and ensuring the Splunk user has full control of all files/folder can help. - It's possible (based on nothing more than a guess) that this could be related.

If my comment helps, please give it a thumbs up!
0 Karma

nickhills
Ultra Champion

Strap yourself in! You are in for a bumpy ride with a mixed Linux/Windows estate with Splunk deployed on windows.
https://answers.splunk.com/answers/516059/what-are-the-pain-points-with-deploying-your-splun.html

If my comment helps, please give it a thumbs up!
0 Karma

jlucas4
Explorer

@nickhillscpl I changed the $SPLUNK_HOME location to E:\Splunk, but I am still getting the same error message pointing to C:. I reinstalled the app and gave full permissions to everyone to the app but no change. Do you have any other suggestions? All of the other tabs appear to work correctly, but not the Settings tab.

0 Karma

nickhills
Ultra Champion

Its a longshot - what locale is used in your url for settings?
yoursplunk:8000/en-US/app/splunk_app_for_nix/settings
Try with en-US if its something else - also what do you get if you enter that url directly?

If my comment helps, please give it a thumbs up!
0 Karma

jlucas4
Explorer

I am using the en-US locale, and I am greeted with the same error message with that URL. I'd like to get this working, but either way I am going to use this to try and convince management to convert to Linux, at least for the SH.

0 Karma

jlucas4
Explorer

Working on Windows is very frustrating, and I have run into a lot of issues with this deployment because of the OS. I will take your suggestion and move $SPLUNK_HOME lower in the file structure. Hopefully this will prevent other problems from occurring in the future.

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...