Splunk® Add-on for Unix and Linux (Legacy)

Deploy and Use the Splunk Add-on for Unix and Linux

Acrobat logo Download manual as PDF


The documentation for the current version of this Add-on has moved. See the current version of the documentation for the Splunk Add-on for Unix and Linux.
This documentation does not apply to the most recent version of Splunk® Add-on for Unix and Linux (Legacy). For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

About the Splunk Add-on for Unix and Linux

The Splunk Add-on for Unix and Linux collects *nix data from *nix hosts. It provides knowledge objects for the Splunk App for Unix and Linux and other Splunk apps.

You can install the Splunk Add-on for Unix and Linux on a forwarder to send data from any number of *nix hosts to a Splunk Enterprise indexer or group of indexers. You can also use the add-on to provide data for other apps, such as Splunk IT Service Intelligence or Splunk Enterprise Security.

For more information about what data the add-on collects from your *nix hosts, see What data the Splunk Add-on for Unix and Linux collects.

How does it work?

The Splunk Add-on for Unix and Linux runs on top of a Splunk indexer or forwarder and gathers system metrics with a number of data inputs. These metrics include but are not limited to:

  • Hardware information - CPU type, count, and cache; hard drives; network interface cards, count, and memory, as well as CPU statistics.
  • Disk information, including available disk space and associated input/output statistics for devices and partitions.
  • Information about the configured network interfaces, including connections, routing tables, and TCP/UDP transfer statistics .
  • User statistics, including last login times for system accounts, user attributes, and security-related information.
  • Information about processes, the files they open, and other resources they use.

How do I get it?

Download the Splunk Add-on for Unix and Linux from Splunkbase.

How do I upgrade from a previous version?

If you already run the Splunk Add-on for Unix and Linux and want to upgrade, download the add-on installation package and unarchive it into the same directory as the existing add-on.

Release notes

For information on known issues and fixes in this version, see the release notes.

Last modified on 04 May, 2016
  NEXT
New to Splunk?

This documentation applies to the following versions of Splunk® Add-on for Unix and Linux (Legacy): 5.2.4


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters