Splunk® Add-on for Unix and Linux (Legacy)

Deploy and Use the Splunk Add-on for Unix and Linux

The documentation for the current version of this Add-on has moved. See the current version of the documentation for the Splunk Add-on for Unix and Linux.
This documentation does not apply to the most recent version of Splunk® Add-on for Unix and Linux (Legacy). For documentation on the most recent version, go to the latest release.

Source types and CIM data model info

The Splunk Add-on for Unix and Linux provides Common Information Model objects and index-time and search-time knowledge for *nix events, metadata, user and group information, collaboration data, and tasks.

Source type information

Source type Description CIM data model(s)
config_file Information on various configuration files (.conf, .properties, .cfg, etc. n/a
dhcpd Information from the dynamic host control protocol (DHCP) daemon n/a
fs_notification File system notification changes Change Analysis
cpu CPU state information n/a
df Information on available disk space on mounted volumes n/a
hardware Information on hardware specification n/a
interfaces Information on network interfaces on the system n/a
iostat Information on Input/Output operations n/a
lsof A listing of the open files on a host n/a
netstat The state of the network (open/listening ports, connections, etc.) on a host n/a
OpenPorts A listing of the open ports on a host n/a
package A listing of packages installed on the system
protocol Network protocol stack information
ps Information on processes
time Information about the time service n/a
top Output from the *nix top command n/a
usersWithLoginPrivs Information on users with elevated Iogin privileges n/a
vmstat Information on virtual memory n/a
Linux:SELinuxConfig Information on the SELinux configuration on Linux hosts n/a
aix_secure The security (password violations, etc.) log file for AIX. n/a
osx_secure The security log file for Mac OS X n/a
linux_secure The security log file for Linux n/a
bash_history A listing of the commands previously invoked in a bash shell n/a

CIM data model tag population

Source type Description
Application State

listening
port
process
report
service

Authentication

authentication
cleartext
default
insecure
privileged

Change Analysis

account
audit
change
endpoint
network

Compute Inventory

cpu
default
inventory
memory
network
os
snapshot
storage
tools
user
virtual

Databases

database
instance
lock
query
session
stats
tablespace

Interprocess Messaging messaging
Intrusion Detection

attack
ids

JVM

classloading
compilation
jvm
memory
os
runtime
threading

Malware

attack
malware
operations

Network Resolution (DNS)

dns
network
resolution

Network Sessions

dhcp
end
network
session
start
vpn

Network Traffic

communicate
network

Performance

cpu
facilities
memory
network
os
performance
storage
synchronize
time
uptime

Splunk Audit Logs error
Splunk CIM Validation

listening
port
synchronize
time
uptime

Ticket Management

change
incident
problem
ticketing

Updates

error
status
update

Vulnerabilities

report
vulnerability

Last modified on 01 June, 2015
Use the Splunk Add-on for Unix and Linux   Release notes for Splunk Add-on for Unix and Linux

This documentation applies to the following versions of Splunk® Add-on for Unix and Linux (Legacy): 5.2.4

Acrobat logo Download manual
Acrobat logo Download this page

Please expect delayed responses to documentation feedback while the team migrates content to a new system. We value your input and thank you for your patience as we work to provide you with an improved content experience!

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters