Reports and searches for Splunk app for Unix/Linux

pgadhari · ‎06-20-2014

Hi All,

I have installed Splunk app for unix/linux and have enabled the data collection such as vmstat, iostat, ps command, cpu data, netstat, lsof etc. and also my syslog is going to splunk indexer. There are some reports and dashboards that the apps are showing, but I need some search queries for unix app as well as for syslog based on which I can create some dashboard/report which will help me to make a demo to management. Also, I want to take a sample case of event co-relation wherein I can show Splunk's capabilities. You guys have very good experiece in splunk, so request you to provide me some search queries that can built a meaningful and appealing dashboard using Unix/Linux App as well as from syslog's coming from the servers. Please help.

Thanks

araitz · ‎06-20-2014

I'd recommend starting with SA-nix/default/savedsearches.conf and SA-nix/default/macros.conf. There are tons of saved searches and macros that you can use to create custom dashboards. Note that SA-nix is part of the unix app, and you'll see it in your $SPLUNK_HOME/etc/apps directory.

pgadhari · ‎06-23-2014

Thanks araitz, let me go through it and if I have any questions I will revert back.

Reports and searches for Splunk app for Unix/Linux

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!