Source types for the Splunk Add-on for Unix and Linux

The Splunk Add-on for Unix and Linux provides the index-time and search-time knowledge for *nix events, metadata, user and group information, collaboration data, and tasks in the following formats.

Source type	Description	CIM data models
`config_file`	Information on various configuration files (.conf, .properties, .cfg, etc.)	n/a
`dhcpd`	Information from the dynamic host control protocol (DHCP) daemon	n/a
`fs_notification`	File system notification changes	Change Analysis
`cpu`	CPU state information	n/a
`df`	Information on available disk space on mounted volumes	n/a
`hardware`	Information on hardware specification	n/a
`interfaces`	Information on network interfaces on the system	n/a
`iostat`	Information on Input/Output operations	n/a
`lsof`	A listing of the open files on a host	n/a
`netstat`	The state of the network (open/listening ports, connections, etc.) on a host	n/a
`OpenPorts`	A listing of the open ports on a host	n/a
`package`	A listing of packages installed on the system
`protocol`	Network protocol stack information
`ps`	Information on processes
`time`	Information about the time service	n/a
`top`	Output from the *nix `top` command	n/a
`usersWithLoginPrivs`	Information on users with elevated Iogin privileges	n/a
`vmstat`	Information on virtual memory	n/a
`Linux:SELinuxConfig`	Information on the SELinux configuration on Linux hosts	n/a
`aix_secure`	The security (password violations, etc.) log file for AIX.	n/a
`osx_secure`	The security log file for Mac OS X	n/a
`linux_secure`	The security log file for Linux	n/a
`bash_history`	A listing of the commands previously invoked in a bash shell	n/a

Related answers from Splunk Community

Source types for the Splunk Add-on for Unix and Linux

Comments

Was this topic useful?