Splunk® IT Essentials Work

Entity Integrations Manual

This documentation does not apply to the most recent version of Splunk® IT Essentials Work. For documentation on the most recent version, go to the latest release.

*nix data you can collect with collectd in ITE Work

You can collect the following metrics data for *nix systems with collectd.

Default dimensions for *nix integrations

These are the default entity-identifying dimensions for each *nix host:

  • host
  • ip
  • kernel_version
  • entity_type

Source types for *nix integrations

These are the source types for metrics and log data:

Data type Source type
Metrics
  • itsi_im_metrics
Logs
  • syslog
  • combined_access

Metrics data for *nix integrations

These are the metrics collectd collects for each *nix host:

Category Metric
CPU
  • cpu.idle
  • cpu.interrupt
  • cpu.nice
  • cpu.softirq
  • cpu.steal
  • cpu.system
  • cpu.user
  • cpu.wait
Memory
  • memory.buffered
  • memory.cached
  • memory.free
  • memory.slab_recl
  • memory.slab_unrecl
  • memory.used
DF
  • df.free
  • df.reserved
  • df.used
Load
  • load.longterm
  • load.midterm
  • load.shortterm
Disk
  • disk.io_time.io_time
  • disk.io_time.weighted_io_time
  • disk.merged.read
  • disk.merged.write
  • disk.octets.read
  • disk.octets.write
  • disk.ops.read
  • disk.ops.write
  • disk.pending_operations
  • disk.time.read
  • disk.time.write
Interface
  • interface.dropped.rx
  • interface.dropped.tx
  • interface.errors.rx
  • interface.errors.tx
  • interface.octets.rx
  • interface.octets.tx
  • interface.packets.rx
  • interface.packets.tx

Log data for *nix integrations

These are the logs a universal forwarder collects for each *nix host by default:

  • /etc/collectd/collectd.log
  • $SPLUNK_HOME/var/log/splunk/*.log*
  • /var/log/syslog
  • /var/log/daemon.log
  • /var/log/auth.log
Last modified on 28 February, 2024
Unix and Linux integration requirements in ITE Work for collectd   Collect *nix data in ITE Work with the Splunk Add-on for Unix and Linux

This documentation applies to the following versions of Splunk® IT Essentials Work: 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.9.5, 4.9.6, 4.10.0 Cloud only, 4.10.1 Cloud only, 4.10.2 Cloud only, 4.10.3 Cloud only, 4.10.4 Cloud only, 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.11.6, 4.12.0 Cloud only, 4.12.2 Cloud only, 4.13.0, 4.13.1, 4.13.2, 4.13.3, 4.14.0 Cloud only, 4.14.1 Cloud only, 4.14.2 Cloud only, 4.15.0, 4.15.1, 4.15.2, 4.15.3, 4.16.0 Cloud only, 4.17.0, 4.17.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters