Linux Secure Technology Add-On

This app provides field extractions and normalisation to the Common Information Model for /var/log/secure and /var/log/auth.log (linux_secure sourcetype). It is intended to replace the security-relevant aspects of the Splunk Add-on for Unix and Linux (Splunk_TA_nix). Because the two apps may conflict, it is strongly recommended that Splunk_TA_nix be removed from your search head before installing this app. This app requires no configuration and need only be installed on search heads (i.e. it contains no index-time transforms). Be sure to also check out the certified sudo (https://splunkbase.splunk.com/app/3038/), iptables (https://splunkbase.splunk.com/app/3089/) and auditd (https://splunkbase.splunk.com/app/2642/) apps. For Linux performance monitoring, please see: https://splunkbase.splunk.com/app/3412/