mike/TA-unix
1
0
Fork 0
Code Issues Pull requests Projects Releases 16 Packages Wiki Activity Actions

Merge in Splunk Add-On for Unix and Linux version 10.1.0

Browse source
This commit is contained in:
Michael Erdely 2025-06-03 17:26:49 -04:00
parent 847f4ab742
commit 13b1e503ea
Signed by: mike
SSH key fingerprint: SHA256:ukbnfrRMaRYlBZXENtBTyO2jLnql5AA5m+SzZCfYQe0
20 changed files with 429 additions and 167 deletions
Download patch file Download diff file Expand all files Collapse all files

20
default/props.conf
View file

@ -97,7 +97,7 @@ LINE_BREAKER = ([\r\n]+)
KV_MODE = json
NO_BINARY_CHECK = true
TRUNCATE=1000000
TRANSFORMS-docker-metric-dimensions=eval_dimensions
TRANSFORMS-docker-metric-dimensions=splunk_ta_nix_eval_dimensions
METRIC-SCHEMA-TRANSFORMS=metric-schema:extract_metrics_docker
[vmstat_metric]
@ -108,7 +108,7 @@ DATETIME_CONFIG = CURRENT
KV_MODE = none
INDEXED_EXTRACTIONS = CSV
FIELD_DELIMITER=whitespace
TRANSFORMS-vmstat-metric-dimensions=eval_dimensions
TRANSFORMS-vmstat-metric-dimensions=splunk_ta_nix_eval_dimensions
METRIC-SCHEMA-TRANSFORMS=metric-schema:extract_metrics_vmstat
[cpu_metric]
@ -121,7 +121,7 @@ TRUNCATE=1000000
KV_MODE = none
INDEXED_EXTRACTIONS = CSV
FIELD_DELIMITER=whitespace
TRANSFORMS-cpu-metric-dimensions=eval_dimensions
TRANSFORMS-cpu-metric-dimensions=splunk_ta_nix_eval_dimensions
TRANSFORMS-cpu-metric-field=extract_cpu_metric_field
METRIC-SCHEMA-TRANSFORMS=metric-schema:extract_metrics_cpu
@ -133,7 +133,7 @@ DATETIME_CONFIG = CURRENT
KV_MODE = none
INDEXED_EXTRACTIONS = TSV
TRANSFORMS-df-metrics=extract_df_metrics
TRANSFORMS-df-metric-dimensions=eval_dimensions
TRANSFORMS-df-metric-dimensions=splunk_ta_nix_eval_dimensions
METRIC-SCHEMA-TRANSFORMS=metric-schema:extract_metrics_df
[interfaces_metric]
@ -145,7 +145,7 @@ KV_MODE = none
INDEXED_EXTRACTIONS = CSV
FIELD_DELIMITER=whitespace
EVAL-Duplex=case(Duplex==2,"Full", Duplex==1,"Half", Duplex==0, "Unknown", true(), Duplex)
TRANSFORMS-interfaces-metric-dimensions=eval_dimensions
TRANSFORMS-interfaces-metric-dimensions=splunk_ta_nix_eval_dimensions
METRIC-SCHEMA-TRANSFORMS=metric-schema:extract_metrics_interfaces
[iostat_metric]
@ -157,7 +157,7 @@ KV_MODE = none
INDEXED_EXTRACTIONS = CSV
FIELD_DELIMITER=whitespace
TRANSFORMS-iostat-metrics-field=extract_iostat_metrics_field
TRANSFORMS-iostat-metric-dimensions=eval_dimensions
TRANSFORMS-iostat-metric-dimensions=splunk_ta_nix_eval_dimensions
METRIC-SCHEMA-TRANSFORMS=metric-schema:extract_metrics_iostat
[ps_metric]
@ -168,7 +168,7 @@ DATETIME_CONFIG = CURRENT
KV_MODE = none
INDEXED_EXTRACTIONS = CSV
FIELD_DELIMITER=whitespace
TRANSFORMS-ps-metric-dimensions=eval_dimensions
TRANSFORMS-ps-metric-dimensions=splunk_ta_nix_eval_dimensions
TRANSFORMS-ps-metric-field=extract_ps_metric_field
METRIC-SCHEMA-TRANSFORMS=metric-schema:extract_metrics_ps
@ -221,9 +221,11 @@ TRUNCATE=1000000
DATETIME_CONFIG = CURRENT
KV_MODE = multi
FIELDALIAS-dest_for_df = host as dest
FIELDALIAS-filesystem_for_df = Filesystem AS filesystem
FIELDALIAS-filesystem_type_for_df = Type as filesystem_type
FIELDALIAS-mount_for_df = MountedOn AS mount
EVAL-Filesystem = replace(Filesystem, " ", " ")
EVAL-filesystem = replace(Filesystem, " ", " ")
EVAL-MountedOn = replace(MountedOn, " ", " ")
EVAL-mount = replace(MountedOn, " ", " ")
EVAL-Type = coalesce('Type',"?")
EVAL-filesystem_type = coalesce('Type',"?")
EVAL-Size = coalesce('Size','1024_blocks')