Splunk® App for Unix and Linux

Install and Use the Splunk App for Unix and Linux

Download manual as PDF

Download topic as PDF

About the Splunk App for Unix and Linux

The Splunk App for Unix and Linux provides data inputs, searches, reports, alerts, and dashboards for Linux and Unix management. You can monitor and troubleshoot *nix operating systems on potentially large numbers of systems from one place. Included are a set of scripted inputs for collecting CPU, disk, I/O, memory, log, configuration, and user data.

Use the Splunk App for Unix and Linux to:

  • Get information about who's logged into your system, including last login times and unauthorized login attempts.
  • Find out how much network throughput and bandwidth your system is using.
  • Determine the status of current running processes on your system, and who is running them.
  • Learn what software is installed on your system.

How does it work?

The Splunk App for Unix and Linux runs on top of a Splunk instance and gathers various system metrics, including:

  • Hardware information - CPU type, count, and cache; hard drives; network interface cards, count, and memory, as well as CPU statistics.
  • Disk information, including available disk space and associated input/output statistics for devices and partitions.
  • Information about the configured network interfaces, including connections, routing tables, and TCP/UDP transfer statistics.
  • User statistics, including last login times for system accounts, user attributes, and security-related information.
  • Information about processes, the files they open, and other resources they use.

The app presents this data to you with pre-built reports and dashboards to give you full visibility into your system's operation.

App Features

Central Visibility Into Operational Health

Get instant visibility into the operational health of Unix and Linux environments. Organize your hosts by groups of services specific to your environment. Use NOC-like dashboards for central insight into problems and visualize resource consumption of selected systems for easy detection of outliers and anomalies.

Performance and Resource Utilization Analytics

Set multiple customizable thresholds for your CPU and memory utilization across your groups of hosts to easily spot trends and spikes in resource utilization in your infrastructure. Isolate problems with configurable statistical comparisons, using 42 important host and OS metrics. Visualize trends and display side-by-side performance comparisons of the several hosts of interest to understand trends, establish baselines and optimize resource allocations. Quickly cross-compare CPU, RAM and disk historical capacity utilization across many different hosts to identify increased resource consumption.

Threshold-Based Alerts

Get real-time notifications of important events from your Unix and Linux environment using pre-packaged threshold-based alerts. Quickly assess the business impact of events and conduct remediation actions through insight into snapshots of various OS metrics around the time-specific alert fired. Compare the behavior of hosts in your systems and create long-term trends based on the alerts activity in your environment.

Correlation Across Technologies

Combine your OS data with data from all other technology tiers, such as applications, virtual, storage, networks and servers to gain a complete, centralized view of KPIs across your enterprise. Use Splunk search language, visualizations and correlations to find causal links across technologies. Get an accurate picture of resource usage and performance across multiple tiers of your IT stack.

Common Information Model Compatibility

Accelerate your deployment of new apps, users, data sources and features by utilizing this app’s compatibility with the Splunk Common Information Models (CIM). CIM compatibility enables quick time-to-value, as it allows for fast correlation of events from disparate technologies by Splunk apps such as Splunk Enterprise Security and the Splunk App for PCI Compliance.

How do I get it?

Download the Splunk App for Unix and Linux from Splunkbase.

How do I upgrade from a previous version?

From version 5.0.x

You can upgrade directly from version 5.0 of the Splunk App for Unix and Linux through Splunk's in-app upgrade feature within Splunk Web, or from the command line.

From version 4.6.x and earlier

There is no supported upgrade path from version 4.6 of the Splunk App for Unix and Linux to this version. However, you can run both version 4.6 and this version simultaneously, if you so choose.

The installation package for this version of the app installs into a different directory than version 4.6. Once you have installed this version, you can then configure this version of the app to use the same indexes and source types that the version 4.6 app uses.

For detailed installation instructions, read "Install the Splunk App for Unix and Linux" in this manual.

Caution: Do not attempt to install this version of the app into the same directory of a version before 5.0. That is not supported and can render both versions of the app unusable.

Once you have configured and evaluated this version of the app, you can then remove the 4.6 version at a later date. No data loss will occur.

For information on any known issues in this version, review the release notes.

Comparison of the Splunk App for Unix and Linux components

This documentation applies to the following versions of Splunk® App for Unix and Linux: 5.2.3, 5.2.4, 5.2.5

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters