All Apps and Add-ons

Reports and searches for Splunk app for Unix/Linux

pgadhari
Builder

Hi All,

I have installed Splunk app for unix/linux and have enabled the data collection such as vmstat, iostat, ps command, cpu data, netstat, lsof etc. and also my syslog is going to splunk indexer. There are some reports and dashboards that the apps are showing, but I need some search queries for unix app as well as for syslog based on which I can create some dashboard/report which will help me to make a demo to management. Also, I want to take a sample case of event co-relation wherein I can show Splunk's capabilities. You guys have very good experiece in splunk, so request you to provide me some search queries that can built a meaningful and appealing dashboard using Unix/Linux App as well as from syslog's coming from the servers. Please help.

Thanks

0 Karma

araitz
Splunk Employee
Splunk Employee

I'd recommend starting with SA-nix/default/savedsearches.conf and SA-nix/default/macros.conf. There are tons of saved searches and macros that you can use to create custom dashboards. Note that SA-nix is part of the unix app, and you'll see it in your $SPLUNK_HOME/etc/apps directory.

pgadhari
Builder

Thanks araitz, let me go through it and if I have any questions I will revert back.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...