About the Splunk Add-on for Unix and Linux
The Splunk Add-on for Unix and Linux collects *nix data from *nix hosts. It provides knowledge objects for the Splunk App for Unix and Linux and other Splunk apps.
You can install the Splunk Add-on for Unix and Linux on a forwarder to send data from any number of *nix hosts to a Splunk Enterprise indexer or group of indexers. You can also use the add-on to provide data for other apps, such as Splunk IT Service Intelligence or Splunk Enterprise Security.
For more information about what data the add-on collects from your *nix hosts, see What data the Splunk Add-on for Unix and Linux collects.
How does it work?
The Splunk Add-on for Unix and Linux runs on top of a Splunk indexer or forwarder and gathers system metrics with a number of data inputs. These metrics include but are not limited to:
- Hardware information - CPU type, count, and cache; hard drives; network interface cards, count, and memory, as well as CPU statistics.
- Disk information, including available disk space and associated input/output statistics for devices and partitions.
- Information about the configured network interfaces, including connections, routing tables, and TCP/UDP transfer statistics .
- User statistics, including last login times for system accounts, user attributes, and security-related information.
- Information about processes, the files they open, and other resources they use.
How do I get it?
Download the Splunk Add-on for Unix and Linux from Splunkbase.
How do I upgrade from a previous version?
If you already run the Splunk Add-on for Unix and Linux and want to upgrade, download the add-on installation package and unarchive it into the same directory as the existing add-on.
For information on known issues and fixes in this version, see the release notes.
New to Splunk?
This documentation applies to the following versions of Splunk® Add-on for Unix and Linux: 5.1.1, 5.1.2, 5.2.0, 5.2.1, 5.2.2, 5.2.3