All Apps and Add-ons

Reports and searches for Splunk app for Unix/Linux

pgadhari
Builder

Hi All,

I have installed Splunk app for unix/linux and have enabled the data collection such as vmstat, iostat, ps command, cpu data, netstat, lsof etc. and also my syslog is going to splunk indexer. There are some reports and dashboards that the apps are showing, but I need some search queries for unix app as well as for syslog based on which I can create some dashboard/report which will help me to make a demo to management. Also, I want to take a sample case of event co-relation wherein I can show Splunk's capabilities. You guys have very good experiece in splunk, so request you to provide me some search queries that can built a meaningful and appealing dashboard using Unix/Linux App as well as from syslog's coming from the servers. Please help.

Thanks

0 Karma

araitz
Splunk Employee
Splunk Employee

I'd recommend starting with SA-nix/default/savedsearches.conf and SA-nix/default/macros.conf. There are tons of saved searches and macros that you can use to create custom dashboards. Note that SA-nix is part of the unix app, and you'll see it in your $SPLUNK_HOME/etc/apps directory.

pgadhari
Builder

Thanks araitz, let me go through it and if I have any questions I will revert back.

0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.