inputs.conf entry to get linux operating system name and version

jcorcoran508
Path Finder

Greetings -

I do have the TA for nix.

I spent a couple of hours scouring all my resources and looking at TA_nix for where to insert or turn on an entry for the OS type.

On the Linux side I need to know what vendor (CentOS/RHEL) and version (6, 7, 8).

Any input would be appreciated.


s2_splunk
Splunk Employee

sourcetype=Unix:Version has a bunch of the fields (os_*) you are looking for. I am not sure the distribution name is part of that dataset, since there is no standard way of figuring that out across all *nix platforms. Do you have that sourcetype in your indexed data?

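One way to get the vendor and version the question asks for into Splunk, when the Unix:Version data does not carry the distribution name, is a small scripted input that reads the freedesktop /etc/os-release file and emits one key=value event. This is an added example, not code from the Nix TA or from either poster; the inputs.conf stanza named in the comments and the field names os_vendor, os_version, os_version_major and os_name are assumptions.

```shell
#!/bin/sh
# Emit one key=value line describing the Linux distribution, suitable for a
# Splunk scripted input (assumed to be wired up in inputs.conf as
# [script://./bin/os_release.sh] with an interval and a sourcetype of your own;
# that stanza is an assumption, not part of the Nix TA).
# Input format: /etc/os-release lines KEY=value, values optionally "quoted".
# Hosts without /etc/os-release (e.g. CentOS 6) would need a different source.

# parse_os_release  (reads os-release content on stdin)
# prints: os_vendor=<ID> os_version=<VERSION_ID> os_version_major=<N> os_name="<PRETTY_NAME>"
parse_os_release() {
    vendor=unknown
    version=unknown
    name=unknown
    # "|| [ -n "$line" ]" keeps a final line that lacks a trailing newline
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) continue ;;             # skip blank and comment lines
        esac
        key=${line%%=*}                      # text before the first '='
        val=${line#*=}                       # text after the first '='
        val=${val#\"}                        # strip one surrounding double quote
        val=${val%\"}
        case "$key" in
            ID)          vendor=$val ;;      # e.g. centos, rhel, ubuntu
            VERSION_ID)  version=$val ;;     # e.g. 7, 8.6, 22.04
            PRETTY_NAME) name=$val ;;
        esac
    done
    # major version only, so 7.9 and 7.6 both report os_version_major=7;
    # stays "unknown" when VERSION_ID is absent (rolling-release distributions)
    major=${version%%.*}
    printf 'os_vendor=%s os_version=%s os_version_major=%s os_name="%s"\n' \
        "$vendor" "$version" "$major" "$name"
}

# Constructed sample content (not captured from a real host) so this runs
# offline; a deployed scripted input would run: parse_os_release < /etc/os-release
printf '%s\n' 'NAME="CentOS Linux"' 'VERSION="7 (Core)"' 'ID="centos"' \
    'ID_LIKE="rhel fedora"' 'VERSION_ID="7"' 'PRETTY_NAME="CentOS Linux 7 (Core)"' \
    | parse_os_release
```

With a sourcetype assigned in the inputs.conf stanza, Splunk's automatic key=value extraction gives you os_vendor and os_version_major to search and group hosts by.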
