Splunk® Supported Add-ons

Splunk Add-on for Unix and Linux

Acrobat logo Download manual as PDF

Acrobat logo Download topic as PDF

Source types for the Splunk Add-on for Unix and Linux

The Splunk Add-on for Unix and Linux provides the index-time and search-time knowledge for *nix events, metadata, user and group information, collaboration data, and tasks in the following formats:

Source type Description CIM data models
aix_secure The AIX security log file Authentication
auditd Auditd logs translated with ausearch n/a
bandwidth Network statistics Performance
bash_history A list of commands previously used in a bash shell n/a
config_file Configuration file information n/a
cpu CPU state information Performance
cpu_metric Statistical information of CPU n/a
df Available disk space on mounted volumes Performance
df_metric Statistical information of available disk space on mounted volumes n/a
dhcpd Dynamic Host Control Protocol (DHCP) daemon information Network Sessions
fs_notification File system notification changes Endpoint
hardware Hardware specifications Inventory
interfaces Network interface information Inventory
interfaces_metric Statistical information of network interface. n/a
iostat Input/Output operation information Performance
iostat_metric Statistical information of input/output operation. n/a
lastlog Last login times for system accounts n/a
linux_audit The Linux audit log file. Authentication, Change
Linux:SELinuxConfig SELinux host configuration information n/a
linux_secure The Linux security log file Authentication, Change
lsof A list of the open files on a host n/a
netstat The state of the network (open/listening ports, connections, and so on) on a host Endpoint
nfsiostat Collects NFS mounts data Performance
openPorts A list of the open ports on a host n/a
osx_secure The security log file for Mac OS X
package A list of installed packages n/a
protocol Network protocol stack information n/a
ps Process information Performance
ps_metric Process statistical information n/a
time Time service information n/a
top Process and system resource information n/a
Unix:CPUTime Statistics about the amount of time the CPU dedicated to specific processes Performance
Unix:ListeningPorts Network ports that the OS is listening on n/a
Unix:Service Unix service information Endpoint
Unix:SSHDConfig Local sshd configuration information n/a
Unix:Update A list of software updates for installed packages n/a
Unix:Uptime System date and uptime information Performance
Unix:UserAccounts User account information Inventory
Unix:Version OS version information Inventory
Unix:VSFTPDConfig Local VSFTP server configuration information n/a
usersWithLoginPrivs Users with elevated Iogin privileges n/a
vmstat Virtual memory information Performance
vmstat_metric Virtual memory statistical information n/a
who All users currently logged in n/a
Last modified on 08 November, 2023
About the Splunk Add-on for Unix and Linux
Release notes for the Splunk Add-on for Unix and Linux

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters