SPL2 templates for Edge Processor and Ingest Processor for Unix and Linux logs: reduce log size¶
Templates for Unix and Linux are designed to help you reduce the size of various Unix and Linux logs
Templates are available for the Edge Processor and Ingest Processor. See the following documentation for more information:
| Template name | Version | Use case | Availability |
|---|---|---|---|
| UNIX and Linux bandwidth logs: Reduce log size and convert to TSV format | 0.2.1 | Reduce the size of Unix and Linux bandwidth logs by removing unnecessary fields and converting logs into a tab-separated values (TSV) format while maintaining compatibility with the Splunk Common Information Model (CIM). |
EP and IP |
| UNIX and Linux cpu logs: Reduce log size and convert to TSV format | 0.4.2 | Reduce the size of Unix and Linux cpu logs by removing unnecessary fields and converting logs into a tab-separated values (TSV) format while maintaining compatibility with the Splunk Common Information Model (CIM). |
EP and IP |
| UNIX and Linux df logs: Reduce log size and convert to TSV format | 0.4.1 | Reduce the size of Unix and Linux df logs by removing unnecessary fields and optimizing log storage while maintaining compatibility with the Splunk Common Information Model (CIM). |
EP and IP |
| UNIX and Linux hardware logs: Reduce log size and convert to tab-separated key-value pair format | 0.4.1 | Reduce the size of Unix and Linux hardware logs by removing unnecessary fields and optimizing log storage while maintaining compatibility with the Splunk Common Information Model (CIM). |
EP and IP |
| UNIX and Linux interfaces logs: Reduce log size and convert to TSV format | 0.4.1 | Reduce the size of Unix and Linux interfaces logs by removing unnecessary fields, replacing invalid values, and optimizing log storage while maintaining compatibility with the Splunk Common Information Model (CIM). |
EP and IP |
| UNIX and Linux iostat logs: Reduce log size and convert to TSV format | 0.4.1 | Reduce the size of Unix and Linux iostat logs by removing unnecessary fields and optimizing log storage while maintaining compatibility with the Splunk Common Information Model (CIM). |
EP and IP |
| UNIX and Linux lastlog logs: Reduce log size and convert to TSV format | 0.2.0 | Reduce the size of Unix and Linux lastlog logs by converting them to tab-separated values (TSV) format and optimizing log storage while maintaining compatibility with the Splunk Common Information Model (CIM). |
EP and IP |
| UNIX and Linux lsof logs: Reduce log size and convert to TSV format | 0.4.3 | Reduce the size of Unix and Linux lsof logs by removing unnecessary fields and optimizing log storage while maintaining compatibility with the Splunk Common Information Model (CIM). |
EP and IP |
| UNIX and Linux netstat logs: Reduce log size and convert to TSV format | 0.4.1 | Reduce the size of Unix and Linux netstat logs by removing unnecessary fields and optimizing log storage while maintaining compatibility with the Splunk Common Information Model (CIM). |
EP and IP |
| UNIX and Linux package logs: Reduce log size and convert to TSV format | 0.4.2 | Reduce the size of Unix and Linux package logs by removing unnecessary fields and optimizing log storage while maintaining compatibility with the Splunk Common Information Model (CIM). |
EP and IP |
| UNIX and Linux ps logs: Reduce log size and convert to TSV format | 0.4.2 | Reduce the size of Unix and Linux ps logs by removing unnecessary fields and optimizing log storage while maintaining compatibility with the Splunk Common Information Model (CIM). |
EP and IP |
| UNIX and Linux top logs: Reduce log size and convert to TSV format | 0.4.2 | Reduce the size of Unix and Linux top logs by removing unnecessary fields and optimizing log storage while maintaining compatibility with the Splunk Common Information Model (CIM). |
EP and IP |
| UNIX and Linux vmstat logs: Reduce log size and convert to tab-separated key-value pair format | 0.3.1 | Reduce the size of Unix and Linux vmstat logs by removing unnecessary fields and optimizing log storage while maintaining compatibility with the Splunk Common Information Model (CIM). |
EP and IP |
Release notes for the templates are available in the documentation.