First, make sure you deploy the Splunk Add-on for Unix and Linux on the servers you are trying to monitor (universal forwarders). By doing this, you will be receiving data from these servers, as mentioned in the add-on documentation.
http://docs.splunk.com/Documentation/AddOns/released/UnixLinux/About
This add-on will populate the index and sourcetypes needed so you can run search queries against it to build reports/dashboards, and populate data for the App.