Unix / Linux Addon

corina_kolb · ‎02-24-2021

Hello,

in many linux versions the comman netstat is now deprecated. Now you have the problem to use the sourcetype netstat within the Linux/Unix Addon in Splunk. Is there a possibility to use another command, e.g. ss instead of netstat in future as sourcetype? Many thanks in advance.

dave_null · ‎03-05-2021

Are you talking about this app? https://splunkbase.splunk.com/app/273/

If you have access to the app config files, you should be able to swap the netstat command with "ss," though I couldn't tell you exactly how without knowing which app you are referring to.