About the Splunk Add-on for Unix and Linux
Attribute | Value |
---|---|
Version | 9.2.0 |
Vendor products | All supported Unix operating systems. See Unix operating systems. |
Add-on has web UI | Yes. This add-on contains views for configuration. |
The Splunk Add-on for Unix and Linux allows a Splunk software administrator to collect data from Unix and Linux hosts. Install the Splunk Add-on for Unix and Linux on a forwarder to send data from any number of hosts to a Splunk Enterprise indexer or group of indexers. You can also use the add-on to provide data for other apps, such as Splunk IT Service Intelligence (ITSI) or Splunk Enterprise Security.
File Monitoring Inputs
The Splunk Add-on for Unix and Linux collects the following data using file inputs:
- Monitoring the /etc directory
- Monitoring the /var/log directory
- Monitoring the /home/*/.bash_history files
- Monitoring the /root/.bash_history file
- Monitoring the /var/adm directory
- Monitoring the /Library/Logs directory
Scripted Inputs
The add-on collects data with the following scripted inputs:
Input | Description |
---|---|
bandwidth.sh | Network statistics via the shell commands dlstat, netstat, and sar |
cpu.sh | CPU statistics via the shell commands sar, mpstat, and iostat |
cpu_metric.sh | CPU statistics and OS info via the shell commands hostname, ifconfig, uname, sar, mpstat, and iostat |
df.sh | Free disk space for each mount point via the shell commands df, mount, and fstyp |
df_metric.sh | Statistics of free disk space for each mount point and OS info via the shell commands hostname, ifconfig, uname, df, mount, and fstyp |
hardware.sh | Hardware information via the shell commands cpuinfo, df, dmesg, hwinfo, ifconfig, ioscan, iostat, ip, lanscan, lsattr, lscfg, lsdev, lsps, lspv, meminfo, mpstat, prtconf, prtdiag, sysctl, system_profiler, swap, swapinfo, and top |
interfaces.sh | Configured network interfaces via the shell commands dmesg, ethtool, ifconfig, kstat, lanscan, lanadmin, and netstat |
interfaces_metric.sh | Statistics of configured network interfaces and OS info via the shell commands hostname, ifconfig, uname, dmesg, ethtool, kstat, lanscan, lanadmin, and netstat |
iostat.sh | Input/output statistics for block devices and partitions via the shell commands darwin_disk_stats, iostat, and sar |
iostat_metric.sh | Input/output statistics for block devices and partitions, and OS info, via the shell commands hostname, ifconfig, uname, darwin_disk_stats, iostat, and sar |
lastlog.sh | Last login times for system accounts via the shell commands last, lastb, and lastlogin |
lsof.sh | Process information via the shell command lsof |
netstat.sh | Network connections, routing tables, and network interface information via the shell command netstat |
nfsiostat.sh | NFS mount data via the shell command nfsiostat. Requires the nfs-utils package. |
openPorts.sh | Available network ports via the shell command netstat |
openPortsEnhanced.sh | TCP/UDP ports in a listening state, with information on the process, process ID, IP version, and so on, via the shell commands lsof and netstat |
package.sh | Installed software packages via the shell commands dpkg-query, pkginfo, pkg_info, pkg info, system_profiler, and swlist |
passwd.sh | Username and associated user ID, user group ID, and shell |
protocol.sh | TCP/UDP transfer statistics via the shell commands netstat or nstat |
ps.sh | Status of currently running processes via the shell command ps |
ps_metric.sh | Statistics of the status of currently running processes and OS info via the shell commands hostname, ifconfig, uname, and ps |
rlog.sh | Linux Auditing System events recorded in /var/log/audit/audit.log by auditd |
selinuxChecker.sh | Parses /etc/sysconfig/selinux to check whether SELinux is configured |
service.sh | Running services and associated details via the shell commands chkconfig, dscl, svcs, and systemctl |
sshdChecker.sh | Parses sshd_config for information about the local sshd configuration |
time.sh | System date and time, and NTP server time, via the shell commands chronyc, date, and ntpdate |
top.sh | List of running system processes via the shell commands ps and top |
update.sh | Available software updates for installed packages via the shell commands softwareupdate, yum, and zypper |
uptime.sh | System date and uptime information via the shell command date |
usersWithLoginPrivs.sh | System username information |
version.sh | OS version details via the shell command uname |
vmstat.sh | Process-related memory usage information via the shell commands prstat, prtconf, ps, sar, svmon, swap, swapinfo, sysctl, top, uptime, and vmstat |
vmstat_metric.sh | Statistics of process-related memory usage information and OS info via the shell commands hostname, ifconfig, uname, prstat, prtconf, ps, sar, svmon, swap, swapinfo, sysctl, top, uptime, and vmstat |
vsftpdChecker.sh | Parses vsftpd.conf for information about the local VSFTP server configuration in /etc, /etc/vsftpd, or /private/etc |
who.sh | Information about all users currently logged in via the shell command who |
The add-on displays question marks ("?") for blank fields that the scripted inputs return within individual events. This is expected behavior to preserve field spacing.
Download the Splunk Add-on for Unix and Linux from Splunkbase.
For a summary of new features, fixed issues, and known issues, see Release notes for the Splunk Add-on for Unix and Linux.
For information about installing and configuring the Splunk Add-on for Unix and Linux, see Installation and configuration overview for the Splunk Add-on for Unix and Linux.
For questions about the Splunk Add-on for Unix and Linux, see the Splunk Community page on Splunk Answers.