When to use the Splunk Add-on for Linux
There are two Splunk-supported add-ons that apply to Linux: the Splunk Add-on for Linux and the Splunk Add-on for Unix and Linux. Depending on your use case, you may want to use either or both:
User scenario | Use this add-on |
---|---|
Collect performance metrics from Linux using CollectD | Splunk Add-on for Linux |
Collect events from Linux using AuditD | Splunk Add-on for Linux |
Collect performance metrics from Unix hosts or Linux hosts without CollectD | Splunk Add-on for Unix and Linux |
Collect security events from Unix or Linux hosts | Splunk Add-on for Unix and Linux |
See What data the Splunk Add-on for Unix and Linux collects and what data the Splunk Add-on for Linux collects for more details about the data these two add-ons collect.
The Splunk Add-on for Unix and Linux and the Splunk Add-on for Linux are unrelated add-ons. There is no upgrade or migration from one to the other. If you want to replace the Splunk Add-on for Unix and Linux with the Splunk Add-on for Linux, you must disable any metrics inputs configured in the Splunk Add-on for Unix and Linux to prevent duplicate data collection.
This documentation applies to the following versions of Splunk® Supported Add-ons: released