Splunk for Unix and Linux – an update and an introduction

Fellow Splunkers,

Today brings two exciting new releases for the Splunk CoreApps team!

Splunk for Unix and Linux app has been updated to version 4.5

The highlights of this release include:

  • Documentation
  • Scores of bug fixes
    • You submitted them, we fixed and tested them!
  • New first-time run tool
    • User-friendly notifications will appear for a variety of deployment scenarios
  • New setup interface
    • User-friendly way to enable and disable the inputs that power the app
  • Enhanced support for AIX
    • Most of the scripted inputs in the app now support AIX

We are proud to release the Splunk for Unix and Linux technology add-on

The first question that most people have is “what exactly is a technology add-on?”, followed shortly afterwards by “why would I use the add-on instead of the app?”

Technology add-ons are essentially the knowledge and input layer of an app, decoupled from the web user interface of the full-blown app.  In this case, some customers asked us for Unix and Linux knowledge and inputs packaged separately from the Splunk Web user interface components.  Thus was born the concept of technology add-ons.

Why would customers want to use a technology add-on rather than the app?  Most often, this request was made to facilitate use on Splunk forwarders, or because the primary use case for the Unix and Linux data is to correlate it with other data sources in an app other than Splunk for Unix and Linux, for example Splunk ESS or PCI.

Finally, it is worth mentioning that both the app and the add-on are open sourced under the Apache license and will soon be available on Splunk’s GitHub.

A big thanks to the entire CoreApps team, especially Liz and our entire QA team in Taiwan who each did an amazing job on this project.

Have a problem with, question about, or idea for the Unix and Linux app or TA?  Have a great idea for the next CoreApps project?  Drop us a line on Splunk Answers and let us know what you are thinking.

----------------------------------------------------
Thanks!
Alex Raitz
