On March 13, 2022, the Splunk App for Unix and Linux will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app has migrated to a content pack in Data Integrations. Learn about the Content Pack for Unix Dashboards and Reports.The Splunk Add-on for Unix and Linux remains supported.
This documentation does not apply to the most recent version of Splunk® App for Unix and Linux (Legacy).
For documentation on the most recent version, go to the latest release.
Release notes
This topic contains information on new features, known issues, and updates as we version the Splunk App for Unix and Linux.
What's new
Here's what's new in the latest version of the Splunk App for Unix and Linux:
- The TA now supports HP/UX.
- The TA can now be used on universal forwarders, as it collects all data with shell scripts.
- New scripted inputs have been added to facilitate tighter integration with the Splunk App for Enterprise Security.
Current known issues
The Splunk Technology Add-on for Unix and Linux has the following known issues:
- On Solaris servers with less than two processors, the
cpu.shscripted input does not return results. This causes the Percent Load by Host dashboard to not display information for those hosts. (NIX-275) - The
common.shscripted input does not set theLANGlocale environment variable. This can cause problems for *nix systems that use a locale other than "en_US"or "en_US.UTF8": The output of several commands displays differently based on the system's locale, which affects how scripted inputs interpret the data that the commands generate. To work around the problem, edit$SPLUNK_HOME/etc/apps/Splunk_TA_nix/bin/common.shand add the following line at the beginning (NIX-203):
LANG=en_US.UTF8
- On FreeBSD systems, the
lsof.shscripted input is not functional. (SPL-44786)
Change log (what's been fixed)
From version 4.6 to 4.7
- The TA now supports HP/UX. (NIX-75)
- The TA now has improved integration with the Splunk App for Enterprise Security. Nine new scripted inputs have been added which replace several apps included in the previous version of that product. (NIX-205, SOLNESS-3111)
From version 4.5 to 4.6
- The search command for file system changes now works properly. (APP-28)
- The TA no longer complains of missing fields for some search results, in particular,
pctIoWait. (APP-42) - The TA now properly captures both SSH login successes and failures. (APP-63)
- When commands with the same name run at the same time, the TA now properly adds their resource usage statistics together, instead of averaging them. (APP-67)
- On Oracle Enterprise Linux (OEL) and AIX systems with Micro-partitioning enabled, the TA's
cpu.shscript now produces correct information about the computer's CPU. (APP-82) - The TA's scripts now function properly on Mac OS X 10.7 Lion. (APP-98)
- On all versions of Mac OS X, the TA now properly captures failures with the 'su' command. (APP-101)
- The TA's
interface.shscript no longer exhausts a server's TCP connection pool in an attempt to get reverse DNS information. (APP-106) - The TA now properly captures user creation events. (APP-145)
- On Solaris systems, the TA now properly gathers and displays memory statistics in megabytes instead of kilobytes. (APP-152)
- The TA's
interfaces.shnow properly captures network interface information on all OS versions. (APP-160, APP-162)
Last modified on 19 June, 2013
| Configuration |
This documentation applies to the following versions of Splunk® App for Unix and Linux (Legacy): 4.7
Download manual
Feedback submitted, thanks!