About the Splunk Add-on for Unix and Linux
Version | 6.0.0
Vendor Products | All supported Unix operating systems. See Unix operating systems.
Visible in Splunk Web | Yes. This add-on contains views for configuration.
The Splunk Add-on for Unix and Linux collects *nix data from *nix hosts. You can install the Splunk Add-on for Unix and Linux on a forwarder to send data from any number of *nix hosts to a Splunk Enterprise indexer or group of indexers. You can also use the add-on to provide data for other apps, such as Splunk IT Service Intelligence or Splunk Enterprise Security.
The Splunk Add-on for Unix and Linux collects the following data using file inputs:
- Changes to files in the /etc directory and its subdirectories.
- Changes to files in the /var/log directory and its subdirectories.
The add-on collects the following data with scripted inputs:
Script | Data collected
bandwidth.sh | Network statistics via the shell commands dlstat, netstat, and sar
cpu.sh | CPU statistics via the shell commands sar, mpstat, and iostat
df.sh | Free disk space for each mount point via the shell commands df, mount, and fstyp
hardware.sh | Hardware information via the shell commands cpuinfo, df, dmesg, ifconfig, ioscan, iostat, ip, lanscan, lsattr, lscfg, lsdev, lsps, lspv, meminfo, mpstat, prtconf, prtdiag, sysctl, system_profiler, swap, swapinfo, and top
interfaces.sh | Configured network interfaces via the shell commands dmesg, ethtool, ifconfig, kstat, lanscan, lanadmin, and netstat
iostat.sh | Input/output statistics for block devices and partitions via the shell commands darwin_disk_stats, iostat, and sar
lastlog.sh | Last login times for system accounts via the shell commands last, lastb, and lastlogin
lsof.sh | Process information via the shell command lsof
netstat.sh | Network connections, routing tables, and network interface information via the shell command netstat
openPorts.sh | Available network ports via the shell command netstat
openPortsEnhanced.sh | TCP/UDP ports in a listening state, with information on the owning process, process ID, IP version, etc., via the shell commands lsof and netstat
package.sh | Installed software packages via the shell commands dpkg-query, pkginfo, pkg_info, system_profiler, and swlist
passwd.sh | Username with the associated user ID, user group ID, and shell
protocol.sh | TCP/UDP transfer statistics via the shell command netstat
ps.sh | Status of currently running processes via the shell command ps
rlog.sh | Audit information recorded in /var/log/audit/audit.log by auditd
selinuxChecker.sh | Parses /etc/sysconfig/selinux to check whether SELinux is configured
service.sh | Running services and associated details via the shell commands chkconfig, dscl, svcs, and systemctl
sshdChecker.sh | Parses sshd_config for information about the local sshd configuration
time.sh | System date and time, and NTP server time, via the shell commands date and ntpdate
top.sh | List of running system processes via the shell commands ps and top
update.sh | Available software updates for installed packages via the shell commands softwareupdate and yum
uptime.sh | System date and uptime information via the shell command date
usersWithLoginPrivs.sh | Information about system users that have login privileges
version.sh | OS version details via the shell command uname
vmstat.sh | Process-related memory usage information via the shell commands prstat, prtconf, ps, sar, svmon, swap, swapinfo, sysctl, top, uptime, and vmstat
vsftpdChecker.sh | Parses vsftpd.conf for information about the local vsftpd server configuration
who.sh | Information about all users currently logged in via the shell command who
The add-on displays question marks ("?") in place of blank fields that the scripted inputs return within individual events. This is expected behavior that preserves the column spacing of the event, and it is not a cause for concern.
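The "?" placeholder matters as soon as these events are parsed outside Splunk's own field extraction, for example when you replay raw scripted-input events through a detection pipeline. The following parser is an added example, not code from the add-on: it reads a header-plus-rows event of the kind the scripted inputs emit, treats "?" as a missing value rather than a literal, and then flags listening ports whose owning process was blank. The event text and its column names are constructed for the example and are not the exact output of openPortsEnhanced.sh.

```python
"""Parse column-aligned scripted-input events from the Splunk Add-on for
Unix and Linux, treating the "?" placeholder as a missing value."""
from typing import Optional

# Constructed sample event: one header row followed by data rows. The "?"
# entries are what the add-on emits for blank fields so that columns stay
# aligned; they are placeholders, not real values.
SAMPLE_OPEN_PORTS_EVENT = """\
Proto  Port  Process    User
tcp    22    sshd       root
tcp    631   ?          ?
udp    123   ntpd       ntp
"""

PLACEHOLDER = "?"


def parse_event(event: str) -> list[dict[str, Optional[str]]]:
    """Return one dict per data row, keyed by the header row.

    Fields equal to "?" are returned as None so that downstream logic never
    mistakes the spacing placeholder for a process or user literally named "?".
    Rows whose column count differs from the header are rejected rather than
    silently mis-keyed, since a shifted column would mislabel every field.
    """
    lines = [ln for ln in event.splitlines() if ln.strip()]
    if not lines:
        return []
    header = lines[0].split()
    rows: list[dict[str, Optional[str]]] = []
    for line in lines[1:]:
        fields = line.split()
        if len(fields) != len(header):
            raise ValueError(f"column count mismatch in row: {line!r}")
        rows.append({k: (None if v == PLACEHOLDER else v)
                     for k, v in zip(header, fields)})
    return rows


def ports_without_owner(rows: list[dict[str, Optional[str]]]) -> list[str]:
    """Ports whose process field was blank in the event.

    A listener with no recorded owner is worth a second look during review,
    because the missing value usually means the collector could not resolve
    the process, not that nothing is listening.
    """
    return [r["Port"] for r in rows if r.get("Process") is None and r.get("Port")]
```

Running `ports_without_owner(parse_event(SAMPLE_OPEN_PORTS_EVENT))` on the constructed event returns `["631"]`, the row whose process and user were "?".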
Download the Splunk Add-on for Unix and Linux from Splunkbase.
For a summary of new features, fixed issues, and known issues, see Release Notes for the Splunk Add-on for Unix and Linux.
For information about installing and configuring the Splunk Add-on for Unix and Linux, see Installation and configuration overview for the Splunk Add-on for Unix and Linux.
See Questions related to Splunk Add-on for Unix and Linux on Splunk Answers.
This documentation applies to the following versions of Splunk® Add-on for Unix and Linux (Legacy): 6.0.0