Source types for the Splunk Add-on for Unix and Linux
The Splunk Add-on for Unix and Linux provides the index-time and search-time knowledge for *nix events, metadata, user and group information, collaboration data, and tasks in the following formats:
Source type | Description | CIM data models |
---|---|---|
aix_secure | The AIX security log file | Authentication |
auditd | Auditd logs translated with ausearch | n/a |
bandwidth | Network statistics | Performance |
bash_history | A list of commands previously used in a bash shell | n/a |
config_file | Configuration file information | n/a |
cpu | CPU state information | Performance |
cpu_metric | Statistical information of CPU | n/a |
df | Available disk space on mounted volumes | Performance |
df_metric | Statistical information of available disk space on mounted volumes | n/a |
dhcpd | Dynamic Host Control Protocol (DHCP) daemon information | Network Sessions |
fs_notification | File system notification changes | Endpoint |
hardware | Hardware specifications | Inventory |
interfaces | Network interface information | Inventory |
interfaces_metric | Statistical information of network interface | n/a |
iostat | Input/Output operation information | Performance |
iostat_metric | Statistical information of input/output operation | n/a |
lastlog | Last login times for system accounts | n/a |
linux_audit | The Linux audit log file | Authentication, Change |
Linux:SELinuxConfig | SELinux host configuration information | n/a |
linux_secure | The Linux security log file | Authentication, Network Sessions, Change |
lsof | A list of the open files on a host | n/a |
netstat | The state of the network (open/listening ports, connections, and so on) on a host | Endpoint |
nfsiostat | Collects NFS mounts data | Performance |
openPorts | A list of the open ports on a host | n/a |
osx_secure | The security log file for Mac OS X | n/a |
package | A list of installed packages | n/a |
protocol | Network protocol stack information | n/a |
ps | Process information | Performance |
ps_metric | Process statistical information | n/a |
time | Time service information | n/a |
top | Process and system resource information | n/a |
Unix:CPUTime | Statistics about the amount of time the CPU dedicated to specific processes | Performance |
Unix:ListeningPorts | Network ports that the OS is listening on | n/a |
Unix:Service | Unix service information | Endpoint |
Unix:SSHDConfig | Local sshd configuration information | n/a |
Unix:Update | A list of software updates for installed packages | n/a |
Unix:Uptime | System date and uptime information | Performance |
Unix:UserAccounts | User account information | Inventory |
Unix:Version | OS version information | Inventory |
Unix:VSFTPDConfig | Local VSFTP server configuration information | n/a |
usersWithLoginPrivs | Users with elevated login privileges | n/a |
vmstat | Virtual memory information | Performance |
vmstat_metric | Virtual memory statistical information | n/a |
who | All users currently logged in | n/a |