Splunk® Supported Add-ons

Splunk Add-on for Unix and Linux

Download manual as PDF

Download topic as PDF

Source types for the Splunk Add-on for Unix and Linux

The Splunk Add-on for Unix and Linux provides the index-time and search-time knowledge for *nix events, metadata, user and group information, collaboration data, and tasks in the following formats:

Source type Description CIM data models
aix_secure The AIX security log file Performance
auditd Auditd logs translated with ausearch n/a
bandwidth Network statistics Performance
bash_history A list of commands previously used in a bash shell n/a
config_file Configuration file information n/a
cpu CPU state information Performance
df Available disk space on mounted volumes Performance
dhcpd Dynamic Host Control Protocol (DHCP) daemon information Network Sessions
fs_notification File system notification changes Change Analysis
hardware Hardware specifications Inventory
interfaces Network interface information n/a
iostat Input/Output operation information Performance
lastlog Last login times for system accounts n/a
Linux:SELinuxConfig SELinux host configuration information n/a
linux_secure The Linux security log file Change Analysis, Performance
lsof A list of the open files on a host n/a
netstat The state of the network (open/listening ports, connections, and so on) on a host n/a
nfsiostat Collects NFS mounts data Performance, Inventory
openPorts A list of the open ports on a host Application State
osx_secure The security log file for Mac OS X Change Analysis, Performance
package A list of installed packages n/a
protocol Network protocol stack information n/a
ps Process information Application State
time Time service information n/a
top Process and system resource information Application State
Unix:CPUTime Statistics about the amount of time the CPU dedicated to specific processes Performance
Unix:ListeningPorts Network ports that the OS is listening on Application State
Unix:Service Unix service information Application State
Unix:SSHDConfig Local sshd configuration information n/a
Unix:Update A list of software updates for installed packages n/a
Unix:Uptime System date and uptime information Performance
Unix:UserAccounts User account information Inventory
Unix:Version OS version information Inventory
Unix:VSFTPDConfig Local VSFTP server configuration information n/a
usersWithLoginPrivs Users with elevated Iogin privileges n/a
vmstat Virtual memory information Performance
who All users currently logged in n/a
Splunk Add-on for Unix and Linux
Release notes for the Splunk Add-on for Unix and Linux

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters