About the Splunk Technology Add-on (TA) for Unix and Linux
Important:
If you're looking for documentation on the Splunk App for Unix and Linux, which is currently at version 4.6, read "About the Splunk App for Unix and Linux."
The Splunk Technology Add-on (TA) for Unix and Linux is a stripped-down version of the Splunk App for Unix and Linux. It is similar to the full app in that it provides data inputs for Linux and Unix management. Unlike the full app, it does not contain any dashboards, reports, or saved searches, nor does it have a user interface.
You can install the Splunk TA for Unix and Linux on a forwarder to send data from any number of *nix machines to a central Splunk indexer running the full app. You can also use the TA to provide data for other apps, such as the Splunk App for Enterprise Security.
For more information about what the full app does, read "About the Splunk App for Unix and Linux."
How does it work?
The Splunk TA for Unix and Linux runs on top of a Splunk indexer or forwarder and, like the full app, gathers various system metrics using a number of data inputs. These include but are not limited to:
- Hardware information - CPU type, count, and cache; hard drives; network interface cards, count, and memory, as well as CPU statistics.
- Disk information, including available disk space and associated input/output statistics for devices and partitions.
- Information about the configured network interfaces, including connections, routing tables, and TCP/UDP transfer statistics.
- User statistics, including last login times for system accounts, user attributes, and security-related information.
- Information about processes, the files they open, and other resources they use.
How do I get it?
Download the Splunk TA for Unix and Linux from Splunkbase.
How do I upgrade from a previous version?
If you are already running the Splunk Technology Add-on for Unix and Linux and want to upgrade, the upgrade process is simple: download the technology add-on install package and unpack it into the same directory as the existing technology add-on.
If you run the TA in a distributed environment and have a deployment server, install the app into the $SPLUNK_HOME/etc/deployment-apps directory on that server.
For information on what's been fixed from the previous version, as well as any known issues in this version, review the release notes.
This documentation applies to the following versions of Splunk® App for Unix and Linux (Legacy): 4.7