About the Content Pack for Monitoring Unix and Linux
The Content Pack for Monitoring Unix and Linux provides the elements you need to monitor OS-level health for Linux and certain types of Unix servers. It uses the Splunk universal forwarder and technology add-on approach to collect log event data stored in Splunk Enterprise. This content pack leverages the Splunk Add-on for Unix and Linux, which sends the collected data to event indexes, metric indexes, or both.
The content pack includes a preconfigured service template for monitoring OS health metrics for CPU, memory, disk, and network. The KPIs in the service template are configured for general-purpose use only. You must tune them to accommodate your specific use case.
Content pack contents
This content pack contains the following objects:
- OS-level KPIs
- Five KPI base searches:
  - NIX:OS:Performance.NIX-bandwidth
  - NIX:OS:Performance.NIX-cpu
  - NIX:OS:Performance.NIX-df
  - NIX:OS:Performance.NIX-iostat
  - NIX:OS:Performance.NIX-vmstat
- A service template named "Unix and Linux server health"
- A sample service named "SAMPLE - Unix and Linux server health" to use for testing entity filtering and KPI thresholds
ITSI and ITE Work support
The content in the Content Pack for Monitoring Unix and Linux is only supported in ITSI.
Installation
If you're using ITSI version 4.9 or later, you can install the Content Pack for Monitoring Unix and Linux after installing the Splunk App for Content Packs. Install the content pack on the same search head where you installed ITSI. For installation instructions, see Install and configure the Content Pack for Monitoring Unix and Linux.
If you're using ITSI version 4.8 or earlier, you need to install the content pack using the backup ZIP file. For installation instructions, see Install and configure the Content Pack for Monitoring Unix and Linux.
Deployment requirements
Use the following table to determine ITSI version compatibility with various versions of the Content Pack for Monitoring Unix and Linux:
Content pack version | ITSI version | Splunk App for Content Packs version | Splunk Add-on for Unix and Linux |
---|---|---|---|
1.3.0 | 4.17.x, 4.18.x, 4.19.x | 2.2.0 | 8.5.0, 8.10.0 |
1.2.0 | 4.17.x, 4.18.x, 4.19.x | 2.0.0 | 8.5.0, 8.10.0 |
1.2.0 | 4.15.x, 4.16.x | 1.9.0 | 8.5.0, 8.7.0 |
1.1.0 | 4.9.4 or 4.11.0 and higher | 1.4.0 | 8.3.1 |
1.0.2 | 4.9.0 and higher | 1.0.0 | n/a |
1.0.1 | 4.6.0 and higher | n/a | n/a |
1.0.0 | 4.2.1 - 4.5.x | n/a | n/a |
Additional resources
- For ITSI deployment planning guidelines, see Plan your ITSI deployment in the Install and Upgrade manual.
- For ITSI version compatibility with Splunk Enterprise versions, see Splunk products version compatibility matrix.
- For data collection requirements for this content pack, see Data requirements for the Content Pack for Monitoring Unix and Linux.
This documentation applies to the following versions of Content Pack for Monitoring Unix and Linux: 1.3.0