- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- How to configure the Splunk App for Unix and Linux...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to configure the Splunk App for Unix and Linux to work on a Windows Machine?
I am working on a Windows machine (Windows 7 64bit) with Splunk 6.4.1. I have installed the Splunk App for Unix and Linux, and the Add-on as well.
Now I'm trying to get the data to feed into Splunk so it can be indexed and my Windows setup for Splunk can display/index the data.
I read through the documentation, and if I get it correctly, I'm supposed to install the Universal Indexer onto the Unix (in my case) setup in order to send the data in a readable format into my install of Splunk.
The goal is to see the health of the Unix machines on my instance/setup of Splunk on my Windows 7 machine.
Am I on the right track? Has anyone successfully done a similar setup to what I'm trying to achieve? I have not delved into the scripting of config files which I also saw on the documentation for Splunk App for Unix/Linux... which I'm guessing I may have to mess with to get it working.... is this a correct assumption too?
I saw this thread below, which kind of seemed like he was trying to achieve the same thing:
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
This procedure should get you up and running:
- On the Windows instance, set up the instance to receive data from forwarders. You can use Splunk Web or the Splunk CLI. An example CLI follows:
cd C:\Program Files\Splunk .\splunk enable listen 9997 -auth admin:changeme .\splunk restart
cd C:\Program Files\Splunk .\splunk install app C:\Path\To\Splunk-App-for-Nix.tgz
cd C:\Program Files\Splunk xcopy C:\Program Files\Splunk\etc\apps\splunk-app-for-nix\install\Splunk_TA_Nix C:\Program Files\Splunk\etc\apps /s /e /v
cd /opt
tar xvzf /path/to/splunk.tgz
cd /opt/splunk ./splunk start [Accept the license agreement and wait for initial setup to complete] ./splunk add forward-server <host name of Windows indexer:9997>
cd /opt/splunk ./splunk install app /path/to/splunk-add-on-for-unix-and-linux.tgz ./splunk restart
export SPLUNK_HOME=/opt/splunk cd $SPLUNK_HOME/etc/apps/Splunk_TA_nix . ./setup.sh
setup.sh program. For example, if you wanted to enable all of the Unix inputs, you would enter 2, then 2 again, then 1, then press Enter to return to the main menu, then enter 0 to exit the setup program.index=os host=<name of unix host>
If you don't see data, then make sure that:
* You installed the Splunk Add-on for Unix and Linux onto the Windows host.
* You configured the Splunk Add-on for Unix and Linux on the Unix host to enable the add-on inputs.
* There is not a network connectivity problem between the Unix host and the Windows host.
More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk
.conf24 | Personalize your .conf experience with Learning Paths!
Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...
