Hello, I have single server which has Splunk Enterprise installed. My requirement is to monitor some linux hosts in our network, have them send performance data like CPU/Memory/DISK stats etc to the Splunk server. I have installed the Splunk App and Add-on for Unix and Linux (*NIX App and *NIX Add-on) my Splunk server. I also went ahead and installed the Universal Forwarder on one of my Linux hosts. What's next ? I am not getting any CPU/MEMORY/DISK data in my Splunk dashboard from the linux host. When i click on the "Splunk App for Unix and Linux" app in my Splunk dashboard it shows empty .
I have looked at the official documentation for the Splunk Add-on for Unix and Linux. It talks about installing the Add-on on the Universal Forwarder. This did not make sense to me, as i have a dozen Linux hosts in my environment , so are we supposed to install add-on on each n every host we want to monitor? Also, the installation instructions for" add-on" say on one hand to install it on the universal forwarder and on the other hand it says post install login to the Splunk interface and enable/disable the parameters, scripted inputs etc you want to monitor. The Universal Forwarder does not even have a Splunk Web interface .
If the add-on does need to be installed on each and every device we want to monitor, how do we configure the options like what inputs to monitor when there is no web interface on the device (which also has the universal forwarder installed)?
As an alternate the document talks about running the setup of add-on via command line. So i went ahead and ran the below as shown in their documentation on my linux host :--
$SPLUNK_HOME/bin/splunk cmd $SPLUNK_HOME/etc/apps/Splunk_TA_nix/bin/setup.sh*
This command then asks for splunk username and password.
If i enter her my splunk server interface admin credentials it says LOGIN Failed. Also, I have not setup any credentials when i installed the univ. forwarder on this host, so if i leave the username/pwd empty, it says LOGIN Failed again. What creds is it really expecting ?
Any help will be appreciated.
Neeraj
↧