Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk for *NIX

christopherhall
Engager
‎02-10-2011 08:08 PM

I have Splunk installed on a Windows server, and I want to collect data from certain Red Hat servers. I know I need to install Splunk as a light weight forwarder on the Red Hat systems, but do I need to install the "Splunk for UNIX and Linux" app on both the forwarder and the indexer?

Tags (3)
Reply
1 Solution
Solved! Jump to solution
Solution

Ron_Naken
Splunk Employee
Splunk Employee
‎02-10-2011 08:17 PM

You should install the *NIX app on those RHEL servers. The reason for this is that the app provides all the scripted inputs to grab the diagnostics data you will want to track (i.e. lsof, df, top, ps, etc.) without any additional work.

My recommendation is to install Splunk on a RHEL server, install the *NIX app, configure the app, ensure the app is operating properly -- you can see the populated dashboards -- then configure forwarding/receiving. Once you confirm the data is being received by your Indexers, convert Splunk on the RHEL server to an LWF:

./splunk enable app SplunkLightForwarder

View solution in original post

Reply
Solved! Jump to solution
Solution

Ron_Naken
Splunk Employee
Splunk Employee
‎02-10-2011 08:17 PM

You should install the *NIX app on those RHEL servers. The reason for this is that the app provides all the scripted inputs to grab the diagnostics data you will want to track (i.e. lsof, df, top, ps, etc.) without any additional work.

My recommendation is to install Splunk on a RHEL server, install the *NIX app, configure the app, ensure the app is operating properly -- you can see the populated dashboards -- then configure forwarding/receiving. Once you confirm the data is being received by your Indexers, convert Splunk on the RHEL server to an LWF:

./splunk enable app SplunkLightForwarder
Reply
Solved! Jump to solution

Ron_Naken
Splunk Employee
Splunk Employee
‎02-10-2011 08:22 PM

I would install the *NIX app on the Indexer, since it will provide you the dashboards/reports that you're going to use to view the data from the forwarders.

Reply
Solved! Jump to solution

Ron_Naken
Splunk Employee
Splunk Employee
‎02-10-2011 08:22 PM

It should be noted that if you have a large number of these, you might want to look into Deployment Server to allow pushing configuration changes in bulk.

Reply
Solved! Jump to solution

Ron_Naken
Splunk Employee
Splunk Employee
‎02-10-2011 08:21 PM

This should get you going for the first RHEL server you setup, as it is the easiest method to install, configure, and diagnose any issues. You could create a reference RHEL in this manner, then install the others initially as an LWF and copy the app and configs.

0 Karma
Reply
Solved! Jump to solution

christopherhall
Engager
‎02-10-2011 08:19 PM

Would I need to install the *NIX app on the indexer?

Reply
Get Updates on the Splunk Community!

Observability | Use Synthetic Monitoring for Website Metadata Verification

If you are on Splunk Observability Cloud, you may already have Synthetic Monitoringin your observability ...

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...