Splunk® Add-on for Unix and Linux

Deploy and Use the Splunk Add-on for Unix and Linux


The documentation for the current version of this Add-on has moved. See the current version of the documentation for the Splunk Add-on for Unix and Linux.

Source types for the Splunk Add-on for Unix and Linux

The Splunk Add-on for Unix and Linux provides the index-time and search-time knowledge for *nix events, metadata, user and group information, collaboration data, and tasks in the following formats.

| Source type | Description | CIM data models |
|---|---|---|
| config_file | Information on various configuration files (.conf, .properties, .cfg, etc.) | n/a |
| dhcpd | Information from the dynamic host control protocol (DHCP) daemon | n/a |
| fs_notification | File system notification changes | Change Analysis |
| cpu | CPU state information | n/a |
| df | Information on available disk space on mounted volumes | n/a |
| hardware | Information on hardware specification | n/a |
| interfaces | Information on network interfaces on the system | n/a |
| iostat | Information on Input/Output operations | n/a |
| lsof | A listing of the open files on a host | n/a |
| netstat | The state of the network (open/listening ports, connections, etc.) on a host | n/a |
| OpenPorts | A listing of the open ports on a host | n/a |
| package | A listing of packages installed on the system | |
| protocol | Network protocol stack information | |
| ps | Information on processes | |
| time | Information about the time service | n/a |
| top | Output from the *nix top command | n/a |
| usersWithLoginPrivs | Information on users with elevated login privileges | n/a |
| vmstat | Information on virtual memory | n/a |
| Linux:SELinuxConfig | Information on the SELinux configuration on Linux hosts | n/a |
| aix_secure | The security (password violations, etc.) log file for AIX | n/a |
| osx_secure | The security log file for Mac OS X | n/a |
| linux_secure | The security log file for Linux | n/a |
| bash_history | A listing of the commands previously invoked in a bash shell | n/a |

This documentation applies to the following versions of Splunk® Add-on for Unix and Linux: 6.0.0
