# About the Splunk Add-on for Unix and Linux

| Version | 10.0.0 |
| Vendor products | All supported Unix operating systems. See Documentation. |
| Add-on has web UI | Yes. This add-on contains views for configuration. |
The Splunk Add-on for Unix and Linux allows a Splunk software administrator to collect data from Unix and Linux hosts. Install the Splunk Add-on for Unix and Linux on a forwarder to send data from any number of hosts to a Splunk Enterprise indexer or group of indexers. You can also use the add-on to provide data for other apps, such as Splunk IT Service Intelligence (ITSI) or Splunk Enterprise Security.
## File Monitoring Inputs

The Splunk Add-on for Unix and Linux collects the following data using file inputs:

- Monitoring the `/etc` directory
- Monitoring the `/var/log` directory
- Monitoring `/home/*/.bash_history`
- Monitoring `/root/.bash_history`
- Monitoring the `/var/adm` directory
- Monitoring the `/Library/Logs` directory
## Scripted Inputs

The add-on collects data with the following scripted inputs:

| Input | Description |
|---|---|
| `bandwidth.sh` | Network statistics via the shell commands `dlstat`, `netstat`, and `sar` |
| `cpu.sh` | CPU statistics via the shell commands `sar`, `mpstat`, and `iostat` |
| `cpu_metric.sh` | CPU statistics and OS info via the shell commands `hostname`, `ifconfig`, `uname`, `sar`, `mpstat`, and `iostat` |
| `df.sh` | Free disk space for each mount point via the shell commands `df`, `mount`, and `fstyp` |
| `df_metric.sh` | Statistics of free disk space for each mount point and OS info via the shell commands `hostname`, `ifconfig`, `uname`, `df`, `mount`, and `fstyp` |
| `hardware.sh` | Hardware information via the shell commands `cpuinfo`, `df`, `dmesg`, `hwinfo`, `ifconfig`, `ioscan`, `iostat`, `ip`, `lanscan`, `lsattr`, `lscfg`, `lsdev`, `lsps`, `lspv`, `meminfo`, `mpstat`, `prtconf`, `prtdiag`, `sysctl`, `system_profiler`, `swap`, `swapinfo`, and `top` |
| `interfaces.sh` | Configured network interfaces via the shell commands `dmesg`, `ethtool`, `ifconfig`, `kstat`, `lanscan`, `lanadmin`, and `netstat` |
| `interfaces_metric.sh` | Statistics of configured network interfaces and OS info via the shell commands `hostname`, `ifconfig`, `uname`, `dmesg`, `ethtool`, `kstat`, `lanscan`, `lanadmin`, and `netstat` |
| `iostat.sh` | Input/output statistics for block devices and partitions via the shell commands `darwin_disk_stats`, `iostat`, and `sar` |
| `iostat_metric.sh` | Input/output statistics for block devices and partitions and OS info via the shell commands `hostname`, `ifconfig`, `uname`, `darwin_disk_stats`, `iostat`, and `sar` |
| `lastlog.sh` | Last login times for system accounts via the shell commands `last` and `lastb` |
| `lsof.sh` | Process information via the shell command `lsof` |
| `netstat.sh` | Network connections, routing tables, and network interface information via the shell command `netstat` |
| `nfsiostat.sh` | NFS mount data via the shell command `nfsiostat`. Requires the `nfs-utils` package. |
| `openPorts.sh` | Available network ports via the shell command `netstat` |
| `openPortsEnhanced.sh` | TCP/UDP ports in a listening state, with information on the process, process ID, IP version, and so on, via the shell commands `lsof` and `netstat` |
| `package.sh` | Installed software packages via the shell commands `dpkg-query`, `pkginfo`, `pkg_info`, `pkg info`, `system_profiler`, and `swlist` |
| `passwd.sh` | Username and the associated user ID, user group ID, and shell |
| `protocol.sh` | TCP/UDP transfer statistics via the shell commands `netstat` or `nstat` |
| `ps.sh` | Status of currently running processes via the shell command `ps` |
| `ps_metric.sh` | Statistics of the status of currently running processes and OS info via the shell commands `hostname`, `ifconfig`, `uname`, and `ps` |
| `rlog.sh` | Linux Auditing System events recorded in `/var/log/audit/audit.log` by `auditd` |
| `selinuxChecker.sh` | Parses `/etc/sysconfig/selinux` to check whether SELinux is configured |
| `service.sh` | Running services and associated details via the shell commands `chkconfig`, `dscl`, `svcs`, and `systemctl` |
| `sshdChecker.sh` | Parses `sshd_config` for information about the local sshd configuration |
| `time.sh` | System date and time, and NTP server time, via the shell commands `chronyc`, `date`, and `ntpdate` |
| `top.sh` | List of running system processes via the shell commands `ps` and `top` |
| `update.sh` | Available software updates for installed packages via the shell commands `softwareupdate`, `yum`, and `zypper` |
| `uptime.sh` | System date and uptime information via the shell command `date` |
| `usersWithLoginPrivs.sh` | System username information |
| `version.sh` | OS/kernel version details via the shell commands `uname`, `sw_vers`, and `oslevel`, and from the `/etc/*-release` file |
| `vmstat.sh` | Process-related memory usage information via the shell commands `prstat`, `prtconf`, `ps`, `sar`, `svmon`, `swap`, `swapinfo`, `sysctl`, `top`, `uptime`, and `vmstat` |
| `vmstat_metric.sh` | Statistics of process-related memory usage information and OS info via the shell commands `hostname`, `ifconfig`, `uname`, `prstat`, `prtconf`, `ps`, `sar`, `svmon`, `swap`, `swapinfo`, `sysctl`, `top`, `uptime`, and `vmstat` |
| `vsftpdChecker.sh` | Parses `vsftpd.conf` for information about the local VSFTP server configuration in `/etc`, `/etc/vsftpd`, or `/private/etc` |
| `who.sh` | Information about all users currently logged in via the shell command `who` |
The add-on displays question marks (“?”) for blank fields that the scripted inputs return within individual events. This is expected behavior to preserve field spacing.
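The "?" placeholder matters when you consume these events downstream: a parser that treats it as a literal value will produce bogus matches, and one that drops it will shift every column to its right. The following is an added example, not code from the add-on, that parses the header-plus-rows layout the scripted inputs emit and maps "?" to a null. The sample output and its column names are constructed for illustration and do not reproduce any particular script's exact format.

```python
"""Parse whitespace-aligned scripted-input output where "?" marks a blank field.

Added example, not part of the Splunk Add-on for Unix and Linux. The sample
output below is constructed to resemble the header-plus-rows layout the
add-on's scripts produce; the column names are assumptions for illustration.
"""
from __future__ import annotations

from typing import Optional

BLANK = "?"  # the add-on's placeholder for an empty field

# Constructed sample: a header line followed by whitespace-separated rows.
# "?" stands in for a blank field so the columns stay aligned.
SAMPLE_OUTPUT = """\
USER       PID  TTY      COMMAND
root         1  ?        /sbin/init
alice     4217  pts/0    bash
backup    5120  ?        /usr/bin/rsync
"""


def parse_table(text: str) -> list[dict[str, Optional[str]]]:
    """Turn header-plus-rows output into dicts, mapping "?" to None.

    The last column may contain spaces (a command line, for example), so the
    split is capped at the header's column count. Rows whose field count does
    not match the header are rejected rather than silently misaligned: a
    shifted column is worse than a dropped row when the data feeds detections.
    """
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if not lines:
        return []
    header = lines[0].split()
    rows: list[dict[str, Optional[str]]] = []
    for lineno, line in enumerate(lines[1:], start=2):
        fields = line.split(maxsplit=len(header) - 1)
        if len(fields) != len(header):
            raise ValueError(
                f"line {lineno}: expected {len(header)} fields, got {len(fields)}"
            )
        rows.append({k: (None if v == BLANK else v) for k, v in zip(header, fields)})
    return rows


def blank_field_counts(rows: list[dict[str, Optional[str]]]) -> dict[str, int]:
    """Count how often each column was blank.

    A column that is blank on every row from one host usually means the
    underlying command is missing or returned nothing there, which is worth
    an alert before anyone relies on that field.
    """
    counts: dict[str, int] = {}
    for row in rows:
        for key, value in row.items():
            if value is None:
                counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_table(SAMPLE_OUTPUT)
    for row in parsed:
        print(row)
    print("blank fields per column:", blank_field_counts(parsed))
```

If you index these events in Splunk itself, the same idea applies at search time: treat `?` as a null value in the relevant fields before building searches or alerts on them, rather than matching it as a literal.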
Download the Splunk Add-on for Unix and Linux from Splunkbase.
For a summary of new features, fixed issues, and known issues, see Release notes for the Splunk Add-on for Unix and Linux.
For information about installing and configuring the Splunk Add-on for Unix and Linux, see Installation and configuration overview for the Splunk Add-on for Unix and Linux.
For questions about the Splunk Add-on for Unix and Linux, see the Splunk Community page on Splunk Answers.