Related Answers
Download topic as PDF
Source types for the Splunk Add-on for Unix and Linux
The Splunk Add-on for Unix and Linux provides the index-time and search-time knowledge for *nix events, metadata, user and group information, collaboration data, and tasks in the following formats:
| Source type | Description | CIM data models |
|---|---|---|
aix_secure
|
The AIX security log file | Authentication |
auditd
|
Auditd logs translated with ausearch | n/a |
bandwidth
|
Network statistics | Performance |
bash_history
|
A list of commands previously used in a bash shell | n/a |
config_file
|
Configuration file information | n/a |
cpu
|
CPU state information | Performance |
cpu_metric
|
Statistical information of CPU | n/a |
df
|
Available disk space on mounted volumes | Performance |
df_metric
|
Statistical information of available disk space on mounted volumes | n/a |
dhcpd
|
Dynamic Host Control Protocol (DHCP) daemon information | Network Sessions |
fs_notification
|
File system notification changes | Endpoint |
hardware
|
Hardware specifications | Inventory |
interfaces
|
Network interface information | Inventory |
interfaces_metric
|
Statistical information of network interface. | n/a |
iostat
|
Input/Output operation information | Performance |
iostat_metric
|
Statistical information of input/output operation. | n/a |
lastlog
|
Last login times for system accounts | n/a |
linux_audit
|
The Linux audit log file. | Authentication, Change |
Linux:SELinuxConfig
|
SELinux host configuration information | n/a |
linux_secure
|
The Linux security log file | Authentication, Change |
lsof
|
A list of the open files on a host | n/a |
netstat
|
The state of the network (open/listening ports, connections, and so on) on a host | Endpoint |
nfsiostat
|
Collects NFS mounts data | Performance |
openPorts
|
A list of the open ports on a host | n/a |
osx_secure
|
The security log file for Mac OS X | |
package
|
A list of installed packages | n/a |
protocol
|
Network protocol stack information | n/a |
ps
|
Process information | Performance |
ps_metric
|
Process statistical information | n/a |
time
|
Time service information | n/a |
top
|
Process and system resource information | n/a |
Unix:CPUTime
|
Statistics about the amount of time the CPU dedicated to specific processes | Performance |
Unix:ListeningPorts
|
Network ports that the OS is listening on | n/a |
Unix:Service
|
Unix service information | Endpoint |
Unix:SSHDConfig
|
Local sshd configuration information | n/a |
Unix:Update
|
A list of software updates for installed packages | n/a |
Unix:Uptime
|
System date and uptime information | Performance |
Unix:UserAccounts
|
User account information | Inventory |
Unix:Version
|
OS version information | Inventory |
Unix:VSFTPDConfig
|
Local VSFTP server configuration information | n/a |
usersWithLoginPrivs
|
Users with elevated Iogin privileges | n/a |
vmstat
|
Virtual memory information | Performance |
vmstat_metric
|
Virtual memory statistical information | n/a |
who
|
All users currently logged in | n/a |
Last modified on 08 November, 2023
|
PREVIOUS About the Splunk Add-on for Unix and Linux |
NEXT Release notes for the Splunk Add-on for Unix and Linux |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Feedback submitted, thanks!