Splunk® Add-on for Unix and Linux (Legacy)

Deploy and Use the Splunk Add-on for Unix and Linux


The documentation for the current version of this Add-on has moved. See the current version of the documentation for the Splunk Add-on for Unix and Linux.

Source types for the Splunk Add-on for Unix and Linux

The Splunk Add-on for Unix and Linux provides the index-time and search-time knowledge for *nix events, metadata, user and group information, collaboration data, and tasks in the following formats.

| Source type | Description | CIM data models |
|---|---|---|
| config_file | Information on various configuration files (.conf, .properties, .cfg, etc.) | n/a |
| dhcpd | Information from the Dynamic Host Configuration Protocol (DHCP) daemon | n/a |
| fs_notification | File system notification changes | Change Analysis |
| cpu | CPU state information | n/a |
| df | Information on available disk space on mounted volumes | n/a |
| hardware | Information on hardware specification | n/a |
| interfaces | Information on network interfaces on the system | n/a |
| iostat | Information on Input/Output operations | n/a |
| lsof | A listing of the open files on a host | n/a |
| netstat | The state of the network (open/listening ports, connections, etc.) on a host | n/a |
| OpenPorts | A listing of the open ports on a host | n/a |
| package | A listing of packages installed on the system | |
| protocol | Network protocol stack information | |
| ps | Information on processes | |
| time | Information about the time service | n/a |
| top | Output from the *nix top command | n/a |
| usersWithLoginPrivs | Information on users with elevated login privileges | n/a |
| vmstat | Information on virtual memory | n/a |
| Linux:SELinuxConfig | Information on the SELinux configuration on Linux hosts | n/a |
| aix_secure | The security (password violations, etc.) log file for AIX | n/a |
| osx_secure | The security log file for Mac OS X | n/a |
| linux_secure | The security log file for Linux | n/a |
| bash_history | A listing of the commands previously invoked in a bash shell | n/a |
Last modified on 18 May, 2018

This documentation applies to the following versions of Splunk® Add-on for Unix and Linux (Legacy): 6.0.0
