Content Pack for Monitoring Unix and Linux


About the Content Pack for Monitoring Unix and Linux

The Content Pack for Monitoring Unix and Linux provides the elements needed to monitor the OS-level health of Linux and certain types of Unix servers. It uses the Splunk universal forwarder and technology add-on approach to collect log event data, which is stored in Splunk Enterprise. This content pack leverages the Splunk Add-on for Unix and Linux, which sends the collected data to event indexes, metric indexes, or both.

The content pack includes a preconfigured service template for monitoring OS health metrics for CPU, memory, disk, and network. The KPIs in the service template are configured for general-purpose use only. You must tune them to accommodate your specific use case.

Content pack contents

This content pack contains the following objects:

  • OS-level KPIs
  • Five KPI base searches
    • NIX:OS:Performance.NIX-bandwidth
    • NIX:OS:Performance.NIX-cpu
    • NIX:OS:Performance.NIX-df
    • NIX:OS:Performance.NIX-iostat
    • NIX:OS:Performance.NIX-vmstat
  • A service template named Unix and Linux server health
  • A sample service named SAMPLE - Unix and Linux server health to use for testing entity filtering and KPI thresholds

ITSI and ITE Work support

The content in the Content Pack for Monitoring Unix and Linux is only supported in ITSI.

Installation

If you're using ITSI version 4.9 or later, you can install the Content Pack for Monitoring Unix and Linux after installing the Splunk App for Content Packs. Install the content pack on the same search head where you installed ITSI. For installation instructions, see Install and configure the Content Pack for Monitoring Unix and Linux.

If you're using ITSI version 4.8 or earlier, you need to install the content pack using the backup ZIP file. For installation instructions, see Install and configure the Content Pack for Monitoring Unix and Linux.

Deployment requirements

Use the following table to determine ITSI version compatibility with various versions of the Content Pack for Monitoring Unix and Linux:

| Content pack version | ITSI version | Splunk App for Content Packs version | Splunk Add-on for Unix and Linux |
|---|---|---|---|
| 1.3.0 | 4.17.x, 4.18.x, 4.19.x | 2.2.0 | 8.5.0, 8.10.0 |
| 1.2.0 | 4.17.x, 4.18.x, 4.19.x | 2.0.0 | 8.5.0, 8.10.0 |
| 1.2.0 | 4.15.x, 4.16.x | 1.9.0 | 8.5.0, 8.7.0 |
| 1.1.0 | 4.9.4 or 4.11.0 and higher | 1.4.0 | 8.3.1 |
| 1.0.2 | 4.9.0 and higher | 1.0.0 | n/a |
| 1.0.1 | 4.6.0 and higher | n/a | n/a |
| 1.0.0 | 4.2.1 - 4.5.x | n/a | n/a |

Additional resources

Last modified on 04 June, 2024
  Release Notes for the Content Pack for Monitoring Unix and Linux

This documentation applies to the following versions of Content Pack for Monitoring Unix and Linux: 1.3.0

