I have installed Splunk app for unix/linux and have enabled the data collection such as vmstat, iostat, ps command, cpu data, netstat, lsof etc. and also my syslog is going to splunk indexer. There are some reports and dashboards that the apps are showing, but I need some search queries for unix app as well as for syslog based on which I can create some dashboard/report which will help me to make a demo to management. Also, I want to take a sample case of event correlation wherein I can show Splunk's capabilities. You guys have very good experience in splunk, so request you to provide me some search queries that can build a meaningful and appealing dashboard using Unix/Linux App as well as from syslogs coming from the servers. Please help.
I'd recommend starting with SA-nix/default/savedsearches.conf and SA-nix/default/macros.conf. There are tons of saved searches and macros that you can use to create custom dashboards. Note that SA-nix is part of the unix app, and you'll see it in your $SPLUNK_HOME/etc/apps directory.
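To make it quicker to pick through the saved searches the answer points at, here is a small parser for the Splunk `.conf` stanza format (`[stanza]` headers, `key = value` lines, `#` comments, trailing backslash continuing a value onto the next line). This is an added example, not Splunk's code and not part of the Unix/Linux app or SA-nix; the embedded sample conf text, its stanza names and the field names in its searches (such as `pctIdle`) are constructed for illustration and are not copied from SA-nix. Point it at `$SPLUNK_HOME/etc/apps/SA-nix/default/savedsearches.conf` to list every stanza that carries a `search`.

```python
"""List saved searches from a Splunk savedsearches.conf-style file.

Added example (not Splunk's or SA-nix's own code). The SAMPLE_CONF below is
constructed for illustration only.
"""
import sys
from typing import Dict, List, Tuple

Stanzas = Dict[str, Dict[str, str]]

# Constructed sample in the shape of a savedsearches.conf (not SA-nix content).
SAMPLE_CONF = """\
# constructed example
[default]
dispatch.earliest_time = -24h

[High CPU Hosts]
search = index=os sourcetype=cpu \\
    | stats avg(pctIdle) AS avg_idle BY host \\
    | where avg_idle < 20
description = Hosts whose average idle CPU fell below 20%

[Syslog Auth Failures]
search = index=main sourcetype=syslog "authentication failure" \\
    | stats count BY host
"""


def _split_continuation(value: str) -> Tuple[str, bool]:
    """Strip a trailing backslash; report whether the value continues."""
    if value.endswith("\\"):
        return value[:-1].rstrip(), True
    return value, False


def parse_conf(text: str) -> Stanzas:
    """Parse Splunk .conf text into {stanza_name: {key: value}}."""
    stanzas: Stanzas = {}
    current = None       # name of the stanza being filled
    pending_key = None   # key whose value continues on the next line
    for raw in text.splitlines():
        line = raw.strip()
        if pending_key is not None:
            # Continuation line: append to the previous value, joined by a space
            cont, more = _split_continuation(line)
            if cont:
                stanzas[current][pending_key] += " " + cont
            if not more:
                pending_key = None
            continue
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            stanzas.setdefault(current, {})
            continue
        if "=" in line and current is not None:
            # Split on the first '=' only; SPL values contain '=' themselves
            key, _, value = line.partition("=")
            key = key.strip()
            value, more = _split_continuation(value.strip())
            stanzas[current][key] = value
            if more:
                pending_key = key
    return stanzas


def list_searches(stanzas: Stanzas) -> List[Tuple[str, str]]:
    """Return (stanza name, SPL) for every stanza that defines a search."""
    return [(name, body["search"]) for name, body in stanzas.items()
            if name != "default" and "search" in body]


if __name__ == "__main__":
    # Usage: python list_saved_searches.py [path/to/savedsearches.conf]
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            conf_text = fh.read()
    else:
        conf_text = SAMPLE_CONF
    for name, spl in list_searches(parse_conf(conf_text)):
        print(f"{name}\n    {spl}")
```

The output gives you each saved search's name and its SPL on one line, which is what you want when deciding which ones to clone into a dashboard panel; macros.conf has the same stanza layout, so the same parser reads it if you look up the `definition` key instead of `search`.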