Splunk® Add-on for Unix and Linux

Deploy and Use the Splunk Add-on for Unix and Linux


Source types and CIM data model info

The Splunk Add-on for Unix and Linux provides Common Information Model objects and index-time and search-time knowledge for *nix events, metadata, user and group information, collaboration data, and tasks.

Source type information

| Source type | Description | CIM data model(s) |
|---|---|---|
| config_file | Information on various configuration files (.conf, .properties, .cfg, etc.) | n/a |
| dhcpd | Information from the Dynamic Host Configuration Protocol (DHCP) daemon | n/a |
| fs_notification | File system notification changes | Change Analysis |
| cpu | CPU state information | n/a |
| df | Information on available disk space on mounted volumes | n/a |
| hardware | Information on hardware specification | n/a |
| interfaces | Information on network interfaces on the system | n/a |
| iostat | Information on Input/Output operations | n/a |
| lsof | A listing of the open files on a host | n/a |
| netstat | The state of the network (open/listening ports, connections, etc.) on a host | n/a |
| OpenPorts | A listing of the open ports on a host | n/a |
| package | A listing of packages installed on the system | |
| protocol | Network protocol stack information | |
| ps | Information on processes | |
| time | Information about the time service | n/a |
| top | Output from the *nix top command | n/a |
| usersWithLoginPrivs | Information on users with elevated login privileges | n/a |
| vmstat | Information on virtual memory | n/a |
| Linux:SELinuxConfig | Information on the SELinux configuration on Linux hosts | n/a |
| aix_secure | The security (password violations, etc.) log file for AIX | n/a |
| osx_secure | The security log file for Mac OS X | n/a |
| linux_secure | The security log file for Linux | n/a |
| bash_history | A listing of the commands previously invoked in a bash shell | n/a |

CIM data model tag population

| CIM data model | Tags populated |
|---|---|
| Application State | listening, port, process, report, service |
| Authentication | authentication, cleartext, default, insecure, privileged |
| Change Analysis | account, audit, change, endpoint, network |
| Compute Inventory | cpu, default, inventory, memory, network, os, snapshot, storage, tools, user, virtual |
| Databases | database, instance, lock, query, session, stats, tablespace |
| Interprocess Messaging | messaging |
| Intrusion Detection | attack, ids |
| JVM | classloading, compilation, jvm, memory, os, runtime, threading |
| Malware | attack, malware, operations |
| Network Resolution (DNS) | dns, network, resolution |
| Network Sessions | dhcp, end, network, session, start, vpn |
| Network Traffic | communicate, network |
| Performance | cpu, facilities, memory, network, os, performance, storage, synchronize, time, uptime |
| Splunk Audit Logs | error |
| Splunk CIM Validation | listening, port, synchronize, time, uptime |
| Ticket Management | change, incident, problem, ticketing |
| Updates | error, status, update |
| Vulnerabilities | report, vulnerability |


This documentation applies to the following versions of Splunk® Add-on for Unix and Linux: 5.1.0, 5.1.1, 5.1.2, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4

