All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Reports and searches for Splunk app for Unix/Linux

pgadhari
Builder
‎06-20-2014 10:31 AM

Hi All,

I have installed Splunk app for unix/linux and have enabled the data collection such as vmstat, iostat, ps command, cpu data, netstat, lsof etc. and also my syslog is going to splunk indexer. There are some reports and dashboards that the apps are showing, but I need some search queries for unix app as well as for syslog based on which I can create some dashboard/report which will help me to make a demo to management. Also, I want to take a sample case of event co-relation wherein I can show Splunk's capabilities. You guys have very good experiece in splunk, so request you to provide me some search queries that can built a meaningful and appealing dashboard using Unix/Linux App as well as from syslog's coming from the servers. Please help.

Thanks

0 Karma
Reply

araitz
Splunk Employee
Splunk Employee
‎06-20-2014 11:09 AM

I'd recommend starting with SA-nix/default/savedsearches.conf and SA-nix/default/macros.conf. There are tons of saved searches and macros that you can use to create custom dashboards. Note that SA-nix is part of the unix app, and you'll see it in your $SPLUNK_HOME/etc/apps directory.

Reply

pgadhari
Builder
‎06-23-2014 04:25 AM

Thanks araitz, let me go through it and if I have any questions I will revert back.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...