Splunk® App for Unix and Linux (Legacy)

Install and Use the Splunk App for Unix and Linux

Acrobat logo Download manual as PDF


On March 13, 2022, the Splunk App for Unix and Linux will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app has migrated to a content pack in Data Integrations. Learn about the Content Pack for Unix Dashboards and Reports.The Splunk Add-on for Unix and Linux remains supported.
This documentation does not apply to the most recent version of Splunk® App for Unix and Linux (Legacy). For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

About the Splunk App for Unix and Linux

The Splunk App for Unix and Linux provides data inputs, searches, reports, alerts, and dashboards for Linux and Unix management. You can monitor and troubleshoot *nix operating systems on potentially large numbers of systems from one place. Included are a set of scripted inputs for collecting CPU, disk, I/O, memory, log, configuration, and user data.

Use the Splunk App for Unix and Linux to:

  • Get information about who's logged into your system, including last login times and unauthorized login attempts.
  • Find out how much network throughput and bandwidth your system is using.
  • Determine the status of current running processes on your system, and who is running them.
  • Learn what software is installed on your system.

How does it work?

The Splunk App for Unix and Linux runs on top of a Splunk instance and gathers various system metrics, including:

  • Hardware information - CPU type, count, and cache; hard drives; network interface cards, count, and memory, as well as CPU statistics.
  • Disk information, including available disk space and associated input/output statistics for devices and partitions.
  • Information about the configured network interfaces, including connections, routing tables, and TCP/UDP transfer statistics.
  • User statistics, including last login times for system accounts, user attributes, and security-related information.
  • Information about processes, the files they open, and other resources they use.

The app presents this data to you with pre-built reports and dashboards to give you full visibility into your system's operation.

How do I get it?

Download the Splunk App for Unix and Linux from Splunkbase.

How do I upgrade from a previous version?

From version 5.0.x

You can upgrade directly from version 5.0 of the Splunk App for Unix and Linux through Splunk's in-app upgrade feature within Splunk Web, or from the command line.

From version 4.6.x and earlier

There is no supported upgrade path from version 4.6 of the Splunk App for Unix and Linux to this version. However, you can run both version 4.6 and this version simultaneously, if you so choose.

The installation package for this version of the app installs into a different directory than version 4.6. Once you have installed this version, you can then configure this version of the app to use the same indexes and source types that the version 4.6 app uses.

For detailed installation instructions, read "Install the Splunk App for Unix and Linux" in this manual.

Caution: Do not attempt to install this version of the app into the same directory of a version before 5.0. That is not supported and can render both versions of the app unusable.

Once you have configured and evaluated this version of the app, you can then remove the 4.6 version at a later date. No data loss will occur.

For information on any known issues in this version, review the release notes.

Last modified on 01 September, 2015
  NEXT
About the Splunk Add-on for Unix and Linux

This documentation applies to the following versions of Splunk® App for Unix and Linux (Legacy): 5.0.1, 5.0.2


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters