What you need to do is perform some stimulus response testing and development.
You might also try the Splunk Security Essentials app on Splunkbase; it might have some of this built already and you could just copy the searches. You would still likely benefit from testing it against a VM with the proper distro.
It's not clear what you seek. Please explain your use case.
I have a system administrator who requires a dashboard for their Linux OS. This dashboard is to be used for providing when any users place (mount) and/or remove (unmount) any form of removable media from the machine. The search string would look for any events where this would occur.
Couple questions up front:
1. Do you already collect logs on these Linux systems?
2. Are you forwarding these logs into Splunk already?
3. What variations of Linux are you looking to report against?
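
As an added example (not part of the thread and not taken from any Splunk app), here is one way to prototype the mount/unmount detection offline against the lines a test VM produces before turning the patterns into a search. It assumes syslog-style kernel SCSI/USB messages and udisks2 daemon messages; the sample lines, field names, and function names are constructed for illustration, and the formats should be confirmed on the actual distro.

```python
import re

# Constructed sample lines. Assumed formats: kernel USB/SCSI messages and
# udisks2 messages as written to syslog on a desktop distro.
SAMPLE_LOG = """\
Mar  3 10:15:01 host1 kernel: [  812.100] usb 1-2: new high-speed USB device number 7 using xhci_hcd
Mar  3 10:15:02 host1 kernel: [  813.200] sd 6:0:0:0: [sdb] Attached SCSI removable disk
Mar  3 10:15:04 host1 udisksd[901]: Mounted /dev/sdb1 at /media/alice/BACKUP on behalf of uid 1000
Mar  3 10:20:30 host1 sshd[1200]: Accepted publickey for alice from 10.0.0.5 port 50122 ssh2
Mar  3 10:42:10 host1 udisksd[901]: Unmounted /dev/sdb1 on behalf of uid 1000
Mar  3 10:42:12 host1 kernel: [ 2443.900] usb 1-2: USB disconnect, device number 7
Mar  3 11:05:40 host1 udisksd[901]: Mounted /dev/sdc1 at /media/bob/KINGSTON on behalf of uid 1001
"""

HEADER = re.compile(r"^(?P<time>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) ")
PATTERNS = [
    ("attach", re.compile(r"kernel: .*\[(?P<device>sd[a-z]+)\] Attached SCSI removable disk")),
    ("mount", re.compile(r"udisksd\[\d+\]: Mounted (?P<device>\S+) at (?P<path>.+?)"
                         r" on behalf of uid (?P<uid>\d+)")),
    ("unmount", re.compile(r"udisksd\[\d+\]: Unmounted (?P<device>\S+) on behalf of uid (?P<uid>\d+)")),
    ("detach", re.compile(r"kernel: .*usb (?P<device>[\d.-]+): USB disconnect")),
]

def removable_media_events(text):
    """Return one dict per attach/mount/unmount/detach line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        head = HEADER.match(line)
        if not head:
            continue
        for action, pattern in PATTERNS:
            found = pattern.search(line)
            if found:
                events.append({"time": head["time"], "host": head["host"],
                               "action": action, **found.groupdict()})
                break
    return events

def unmatched_mounts(events):
    """Mounts with no later unmount on the same host and device (still mounted or pulled)."""
    open_mounts = {}
    for event in events:
        key = (event["host"], event["device"])
        if event["action"] == "mount":
            open_mounts[key] = event
        elif event["action"] == "unmount":
            open_mounts.pop(key, None)
    return list(open_mounts.values())

if __name__ == "__main__":
    for event in removable_media_events(SAMPLE_LOG):
        print(event)
```

Mounts performed with the `mount` command directly do not pass through udisks2, so they would need a different source, such as an audit rule, to appear at all.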