Splunk® App for Unix and Linux (Legacy)

Install and Use the Splunk App for Unix and Linux

On March 13, 2022, the Splunk App for Unix and Linux will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app has migrated to a content pack in Data Integrations. Learn about the Content Pack for Unix Dashboards and Reports. The Splunk Add-on for Unix and Linux remains supported.
This documentation does not apply to the most recent version of Splunk® App for Unix and Linux (Legacy). For documentation on the most recent version, go to the latest release.

Dashboard reference

This topic lists all of the dashboards provided in the Splunk App for Unix and Linux, grouped by menu name, and gives a brief description of each.

Each dashboard contains menu items for saved searches and data sources that supply data to the dashboard.

Note: The dashboards referenced here apply only to the full Splunk App for Unix and Linux. The TA for Unix and Linux does not have a user interface.

Overview

The Overview dashboard displays when you first launch the Splunk App for Unix and Linux. It lists all of the source types and hosts that are generating *nix-specific data, and by default shows you activity since the app was installed.

The dashboard is divided into two main sections: the upper section displays information about the inputs that the Splunk App for Unix and Linux uses to collect its data. The lower half displays the sources and source types of data collected so far, as well as the hosts that have sent data to this Splunk instance.

You can change the time range for this dashboard, as well as perform ad-hoc searches across the time range you specify. To see all the data from any given host or source type, click on that host or source type.

Important: The Splunk App for Unix and Linux indexes all data into the os index. Be sure to include index=os in any ad-hoc searches you make.

CPU

This dashboard contains several charts that display statistics on CPU usage, including CPU consumption by process, user, and host, as well as the five most popular process names based on utilization.

The dashboard also contains some common saved searches that provide perspective on system load averages, CPU usage, and other resource utilization statistics.

Memory

This dashboard contains charts and reports that display data on memory usage, including memory usage over the last three hours, resident memory by process, and virtual memory by process. There are also dashboards that display memory usage by host and by user, and saved searches that cover a variety of memory-related statistics.

Disk

The Disk dashboard by default displays disk usage for each host that the app monitors. It contains additional dashboards that display statistics on open files by process, type, and user, as well as saved searches for these categories.

Network

This dashboard displays information about the throughput of the network interfaces installed on *nix systems, including the currently open ports and configured IP addresses, as well as the current number of sockets, graphed by their state. Several saved searches feed these dashboards their data.

The Connection Details dashboard displays information about open ports, IP addresses and TCP socket states.

Users

The Users dashboard gives you information on who has logged in successfully, who has not, and who has had trouble escalating their privileges with the sudo command. You can also search for various user management records, including user and group adds, password change attempts (including failures), and deletes.

Log files

This dashboard displays information on the log files on your *nix systems, including files that have changed in the time range you specify, as well as a timeline of "error" and "critical" entries found in those logs. You can also find out the amount of throughput your logs are generating.

In the Logging Throughput dashboard, you can configure the dashboard to display data for one or more hosts.

Configs

This dashboard allows you to view the status of configurations on your *nix systems, including configuration files and information on the packages that are installed on the systems. You can also review changes to configuration and other files within a certain time range that you specify.

The Config Files Overview contains a timeline of the most recent configuration file changes, as well as the most frequently changed configuration files. Configuration sources are included.

Hardware configurations by host shows a list of hardware configurations for each host found in the os index.

Similarly, OS Packages by host shows a list of software packages installed on each host that has been indexed.

The FS Change Overview shows a list of changes made to files across the filesystem and includes a list of the most recent changes. The overview requires that you enable the file system change monitor; see the main Splunk documentation for how to enable it.

Note: The file system change monitor input is deprecated in Versions 5.0 and later of Splunk.

Setup

The Setup dashboard lets you configure the Splunk App for Unix and Linux by enabling or disabling the inputs it uses to present data to you.

Last modified on 25 October, 2012

This documentation applies to the following versions of Splunk® App for Unix and Linux (Legacy): 4.5, 4.6
