How to deploy Splunk on AIX/Unix servers for serve...

gsrikanth87 · ‎01-09-2015

Hallo,

We have 90 AIX/Unix servers. We are planning to implement Splunk on them. Now I have 2 to 3 test servers with me. Can you please explain me where to install the splunk applications and step by step procedure? For example:

ser1- splunk app(server)
ser2- splunk forwarder with addon (client1)
ser3- splunk forwarder with addon (client2)

If the above is correct, could you please explain the step by step procedure to deploy Splunk for system monitoring?

yannK · ‎01-09-2015

for details about the deployment
http://docs.splunk.com/Documentation/UnixApp/5.1TA/User/AbouttheSplunkTechnicalAdd-on%28TA%29forUnix...

For the Unix app, you need :

the "Splunk App for Unix and Linux" on the search-head (for the dashboards)
download here https://apps.splunk.com/app/273/
the "Splunk Add-on for Unix and Linux" on the indexers (for the indexes and sourcetype definitions), and on the forwarders (for the monitoring inputs and scripts)
download here https://apps.splunk.com/app/833

The extra step will be to preconfigure the add-on to enable the inputs you want before deploying it to the forwarders.
I recommend to use a full standalone splunk install, install the add-on, and enable the inputs using the UI. Then once satisfied, use this configured app (the modified setting must be in the $SPLUNK_HOME/etc/apps/appname/local/ folder if you want to check)

If you have a large number of Unix forwarders to monitor, you may want to use the deployment-server to deploy the preconfigured app at once.

How to deploy Splunk on AIX/Unix servers for server performance monitoring?

other

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

Splunk APM: New Product Features + Community Office Hours Recap!

Index This | Forward, I’m heavy; backward, I’m not. What am I?