Hi
My company is looking to run a POC on Splunk for sysmon via UDP for a few hundred Unix / Linux machines.
Is there already a pre-made app for this? I can find the Microsoft one but I don't think it's the same thing.
Thanks in advance.
If the POC works, we will need to monitor 5000 machines.
Cheers
Hi,
Here is a valuable alternative to the official *nix application: https://splunkbase.splunk.com/app/1753/
I would suggest you make your own test and judgement; for dozens of reasons the *nix application should be rewritten from A to Z. The data produced by the add-on is rich enough, however the application is definitely not providing what admins need to analyse performance and capacity planning. (personal opinion)
Choice is luxury 😉
Regards,
Guilhem
Hi Robert,
I think this is the app you are looking for:
https://splunkbase.splunk.com/app/273/
The Splunk App for Unix and Linux provides rapid insights and operational visibility into large-scale Unix and Linux environments. With its new pre-packaged alerting capability, flexible service-based host grouping, and easy management of many data sources, it arms administrators with a powerful ability to quickly identify performance and capacity bottlenecks and outliers in Unix and Linux environments.
Hope this helps. Thanks!
Hunter