Splunk Tech Talks
Deep-dives for technical practitioners.

Get Monitoring Tricks for All Your *nix Part 1

Splunk Employee

View our first IT Edition Tech Talk, Get Monitoring Tricks for All Your *nix Part 1, to see an introduction to the *nix Technical Add-on (TA), showing you how you can gain rapid insights and operational visibility into Unix and Linux environments.

Tune in for:

  • An introduction to the TA
  • A walk-through demo showing set-up and available out-of-the-box content

Check out our *nix conversations in Splunk Answers community for more!

Splunk Employee

Hey everyone! We had some great questions during this Tech Talk in June. 

Recapping for all!

Q: What is the difference between this add-on and the Splunk app/add-on for Infrastructure, which also includes Linux/Unix monitoring?
A: This TA collects data via shell scripts and creates Splunk events. The add-on for Infrastructure collects data via a collectd agent, and the data lands in Splunk as a metric.

Q: Does the Nix TA put performance data into a metrics type index?
A: This nix TA puts data into a Splunk index as an event, not a metric.

Q: So should we move this data to the index of our choice or should we keep it in main?
A: It's best to move this data to an index of your choice.

Q: So we would do that in the input.conf of the Splunk_nix_ta folder. Correct?
A: Correct! When you create the inputs.conf in your local folder, make sure to include the index=[your index] field under each input stanza.

Q: When we refer to pctCPU, how do we segregate if it's for 1 core or 12 cores or 24 cores?
A: The CPU data comes in with one event per core, and another event that is an aggregate of all cores.
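
An added example, not part of the original thread or of the add-on: a Python check that lists the enabled input stanzas in a local inputs.conf that set no index, so their events would stay in the default index instead of the index of your choice. The sample file contents, the index name `os` and the function name are constructed for illustration; the check reads only the text it is given and does not merge the TA's default/inputs.conf.

```python
import configparser

# Constructed sample of a local/inputs.conf for the *nix TA (not from the thread).
SAMPLE_INPUTS_CONF = """\
[script://./bin/cpu.sh]
interval = 30
index = os
disabled = 0

[script://./bin/vmstat.sh]
interval = 60
disabled = 0

[script://./bin/df.sh]
interval = 300
disabled = 1

[monitor:///var/log]
disabled = 0
"""

TRUE_VALUES = {"1", "true", "yes", "t", "y"}


def stanzas_missing_index(conf_text):
    """Return enabled input stanzas with no index, set directly or via [default]."""
    # default_section is renamed so that Splunk's [default] stanza is parsed
    # as an ordinary section instead of configparser's implicit DEFAULT.
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, default_section="__none__")
    parser.optionxform = str  # keep key case as written
    parser.read_string(conf_text)
    default_index = None
    if parser.has_section("default"):
        default_index = parser["default"].get("index")
    missing = []
    for name in parser.sections():
        if name == "default":
            continue
        stanza = parser[name]
        if stanza.get("disabled", "0").strip().lower() in TRUE_VALUES:
            continue  # disabled inputs produce no events
        if not (stanza.get("index") or default_index):
            missing.append(name)
    return missing


if __name__ == "__main__":
    for name in stanzas_missing_index(SAMPLE_INPUTS_CONF):
        print(f"no index set: [{name}]")
```
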
Splunk Employee

Here are all the follow up materials from the webinar. Enjoy!

  • Documentation – Data Collection, Script Compatibility

Hi, I cannot register with these tech talks as drop-down fields show no data.  How can I access these talks?

Splunk Employee

Hi @zpravaiz - In the drop-down for Select Your Session, check mark OnDemand and then submit. You will then be given the link to the on-demand version. Thanks!
