Is there already an app that will monitor sysmon via UDP for Unix or Linux machines?

robertlynch2020
Motivator

Hi

My company is looking to run a POC on Splunk for sysmon via UDP for a few hundred Unix / Linux machines.

Is there already a pre-made app for this? I can find the Microsoft one but I don't think it's the same thing.

Thanks in advance.

If the POC works, we will need to monitor 5000 machines.

Cheers

0 Karma

guilmxm
Influencer

Hi,

Here is a valuable alternative to the official *nix application: https://splunkbase.splunk.com/app/1753/

I would suggest you make your own test and judgement. For dozens of reasons the *nix application should be rewritten from A to Z; the data produced by the add-on is rich enough, however the application is definitely not providing what admins need to analyse performance and capacity planning. (personal opinion)

Choice is luxury 😉

Regards,

Guilhem

0 Karma

hunters_splunk
Splunk Employee

Hi Robert,

I think this is the app you are looking for:
https://splunkbase.splunk.com/app/273/

The Splunk App for Unix and Linux provides rapid insights and operational visibility into large-scale Unix and Linux environments. With its new pre-packaged alerting capability, flexible service-based hosts grouping, and easy management of many data sources, it arms administrators with a powerful ability to quickly identify performance and capacity bottlenecks and outliers in Unix and Linux environments.

Hope this helps. Thanks!
Hunter

0 Karma