Source types for the Splunk Add-on for Unix and Linux
The Splunk Add-on for Unix and Linux provides the index-time and search-time knowledge for *nix events, metadata, user and group information, collaboration data, and tasks in the following formats:
Source type | Description | CIM data models | Script |
---|---|---|---|
aix_secure | The AIX security log file | Authentication | n/a |
auditd | Auditd logs translated with ausearch | n/a | rlog.sh |
bandwidth | Network statistics | Performance | bandwidth.sh |
bash_history | A list of commands previously used in a bash shell | n/a | n/a |
config_file | Configuration file information | n/a | n/a |
cpu | CPU state information | Performance | cpu.sh |
cpu_metric | Statistical information of CPU | n/a | cpu_metric.sh |
df | Available disk space on mounted volumes | Performance | df.sh |
df_metric | Statistical information of available disk space on mounted volumes | n/a | df_metric.sh |
dhcpd | Dynamic Host Control Protocol (DHCP) daemon information | Network Sessions | n/a |
fs_notification | File system notification changes | Endpoint | n/a |
hardware | Hardware specifications | Inventory | hardware.sh |
interfaces | Network interface information | Inventory | interfaces.sh |
interfaces_metric | Statistical information of network interface | n/a | interfaces_metric.sh |
iostat | Statistical information: 60-second average of Input/Output operation | Performance | iostat.sh |
iostat_metric | Statistical information: 60-second average of Input/Output operation | n/a | iostat_metric.sh |
lastlog | Last login times for system accounts | n/a | lastlog.sh |
linux_audit | The Linux audit log file | Authentication, Change | n/a |
Linux:SELinuxConfig | SELinux host configuration information | n/a | selinuxChecker.sh |
linux_secure | The Linux security log file | Authentication, Network Sessions, Change | n/a |
lsof | A list of the open files on a host | n/a | lsof.sh |
netstat | The state of the network (open/listening ports, connections, and so on) on a host | Endpoint | netstat.sh |
nfsiostat | Collects NFS mounts data | Performance | nfsiostat.sh |
openPorts | A list of the open ports on a host | n/a | openPorts.sh |
osx_secure | The security log file for Mac OS X | n/a | n/a |
package | A list of installed packages | n/a | package.sh |
protocol | Network protocol stack information | n/a | protocol.sh |
ps | Process information | Performance | ps.sh |
ps_metric | Process statistical information | n/a | ps_metric.sh |
time | Time service information | n/a | time.sh |
top | Process and system resource information | n/a | top.sh |
Unix:CPUTime | Statistics about the amount of time the CPU dedicated to specific processes | Performance | n/a |
Unix:ListeningPorts | Network ports that the OS is listening on | n/a | openPortsEnhanced.sh |
Unix:Service | Unix service information | Endpoint | service.sh |
Unix:SSHDConfig | Local sshd configuration information | n/a | sshdChecker.sh |
Unix:Update | A list of software updates for installed packages | n/a | update.sh |
Unix:Uptime | System date and uptime information | Performance | uptime.sh |
Unix:UserAccounts | User account information | Inventory | passwd.sh |
Unix:Version | OS version information | Inventory | version.sh |
Unix:VSFTPDConfig | Local VSFTP server configuration information | n/a | vsftpdChecker.sh |
usersWithLoginPrivs | Users with elevated login privileges | n/a | usersWithLoginPrivs.sh |
vmstat | Virtual memory information | Performance | vmstat.sh |
vmstat_metric | Virtual memory statistical information | n/a | vmstat_metric.sh |
who | All users currently logged in | n/a | who.sh |