mike/TA-unix
1
0
Fork 0
Code Issues Pull requests Projects Releases 16 Packages Wiki Activity Actions

Merge in Splunk Add-On for Unix and Linux version 10.1.0

Browse source
This commit is contained in:
Michael Erdely 2025-06-03 17:26:49 -04:00
parent 847f4ab742
commit 13b1e503ea
Signed by: mike
SSH key fingerprint: SHA256:ukbnfrRMaRYlBZXENtBTyO2jLnql5AA5m+SzZCfYQe0
20 changed files with 429 additions and 167 deletions
Download patch file Download diff file Expand all files Collapse all files

6
THIRDPARTY
View file

@ -7,9 +7,9 @@
The following 3rd-party software packages may be used by or distributed with splunk-add-on-for-unix-and-linux. Any information relevant to third-party vendors listed below are collected using common, reasonable means.
Date generated: 2025-1-31
Date generated: 2025-4-25
Revision ID: 79a4b3bf642285d427e11cd81adb8baaf923e0e9
Revision ID: 54ebe4046afb33b20d0f5a24affec0e4323297b6
================================================================================
================================================================================
@ -65,4 +65,4 @@ No licenses found
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Report Generated by FOSSA on 2025-1-31
Report Generated by FOSSA on 2025-4-25

4
VERSION
View file

@ -1,2 +1,2 @@
10.0.0.1
10.0.0.1
10.1.0.0
10.1.0.0

2
app.manifest
View file

@ -29,7 +29,7 @@
"id": {
"group": null,
"name": "TA-unix",
"version": "10.0.0.1"
"version": "10.1.0.0"
},
"license": {
"name": "Splunk Software License Agreement",

69
bin/cpu.sh
View file

@ -42,17 +42,64 @@ if [ "$KERNEL" = "Linux" ] ; then
echo "Cmd = [$CMD]; | $AWK '$FILTER $FORMAT $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST"
exit
elif [ "$KERNEL" = "SunOS" ] ; then
formatted_date=$(date +"%m/%d/%y_%H:%M:%S_%Z")
if [ "$SOLARIS_8" = "true" ] || [ "$SOLARIS_9" = "true" ] ; then
CMD='eval mpstat -a -p 1 2 | tail -1 | sed "s/^[ ]*0/all/"; mpstat -p 1 2 | tail -r'
else
CMD='eval mpstat -aq -p 1 2 | tail -1 | sed "s/^[ ]*0/all/"; mpstat -q -p 1 2 | tail -r'
fi
assertHaveCommand "$CMD"
# shellcheck disable=SC2016
FILTER='($1=="CPU") {exit 1}'
# shellcheck disable=SC2016
FORMAT='{datetime="'"$formatted_date"'"; cpu=$1; pctUser=$(NF-4); pctNice="0"; pctSystem=$(NF-3); pctIowait=$(NF-2); pctIdle=$(NF-1)}'
CMD='mpstat -p 2 5'
FORMAT='
function get_cpu_count(){
command = "psrinfo -p"; # Use this for Solaris
command | getline cpu_count;
close(command);
return cpu_count;
}
BEGIN {
cpu_processed = 0;
user_sum = system_sum = iowait_sum = idle_sum = 0;
# Dynamically set CPU count
cpu_count = get_cpu_count();
last_cpu = cpu_count-1;
}
function get_current_time() {
command = "date +\"%m/%d/%y_%H:%M:%S_%Z\"";
command | getline datetime;
close(command);
return datetime;
}{
datetime=get_current_time();
cpu=$1;
pctUser=$(NF-4);
pctNice="0";
pctSystem=$(NF-3);
pctIowait=$(NF-2);
pctIdle=$(NF-1);
user_sum += pctUser;
system_sum += pctSystem;
iowait_sum += pctIowait;
idle_sum += pctIdle;
cpu_processed++;
}
'
FILTER='($0 ~ /CPU/) { if($(NF-1) ~ /gnice/){ NFIELDS=NF; } else {NFIELDS=NF+1;} next} /Average|Linux|^$|%/ {next}'
PRINTF='
{
if (cpu ~ /0/) {
print header;
printf "%-28s %-3s %9s %9s %9s %9s %9s\n", datetime, cpu, pctUser, pctNice, pctSystem, pctIowait, pctIdle;
} else if (cpu ~ last_cpu) {
printf "%-28s %-3s %9s %9s %9s %9s %9s\n", datetime, cpu, pctUser, pctNice, pctSystem, pctIowait, pctIdle;
printf "%-28s %-3s %9s %9s %9s %9s %9s\n", datetime, "all", user_sum / cpu_count, pctNice, system_sum / cpu_count, iowait_sum / cpu_count, idle_sum / cpu_count;
cpu_processed = 0;
user_sum = system_sum = iowait_sum = idle_sum = 0;
}else{
printf "%-28s %-3s %9s %9s %9s %9s %9s\n", datetime, cpu, pctUser, pctNice, pctSystem, pctIowait, pctIdle;
}
}'
$CMD | tee "$TEE_DEST" | $AWK "$FILTER $FORMAT $PRINTF" header="$HEADER"
echo "Cmd = [$CMD]; | $AWK '$FILTER $FORMAT $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST"
exit
elif [ "$KERNEL" = "AIX" ] ; then
queryHaveCommand mpstat
queryHaveCommand lparstat

69
bin/cpu_metric.sh
View file

@ -7,7 +7,6 @@
. "$(dirname "$0")"/common.sh
assertHaveCommand column
HEADER='Datetime pctUser pctNice pctSystem pctIowait pctIdle OSName OS_version IP_address CPU'
HEADERIZE="BEGIN {print \"$HEADER\"}"
PRINTF='{printf "%-28s %9s %9s %9s %9s %9s %-35s %15s %-16s %-3s\n", datetime, pctUser, pctNice, pctSystem, pctIowait, pctIdle, OSName, OS_version, IP_address,cpu}'
@ -37,18 +36,64 @@ if [ "$KERNEL" = "Linux" ] ; then
# shellcheck disable=SC2016
FILTER='($0 ~ /CPU/) { if($(NF-1) ~ /gnice/){ NFIELDS=NF; } else {NFIELDS=NF+1;} next} /Average|Linux|^$|%/ {next}'
elif [ "$KERNEL" = "SunOS" ] ; then
formatted_date=$(date +"%m/%d/%y_%H:%M:%S_%Z")
if [ "$SOLARIS_8" = "true" ] || [ "$SOLARIS_9" = "true" ] ; then
CMD='eval mpstat -a -p 1 2 | tail -1 | sed "s/^[ ]*0/all/"; mpstat -p 1 2 | tail -r'
else
CMD='eval mpstat -aq -p 1 2 | tail -1 | sed "s/^[ ]*0/all/"; mpstat -q -p 1 2 | tail -r'
fi
CMD='mpstat -p 2 5'
DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1)"
assertHaveCommand "$CMD"
# shellcheck disable=SC2016
FILTER='($1=="CPU") {exit 1}'
# shellcheck disable=SC2016
FORMAT='{datetime="'"$formatted_date"'"; cpu=$1; pctUser=$(NF-4); pctNice="0"; pctSystem=$(NF-3); pctIowait=$(NF-2); pctIdle=$(NF-1);OSName=OSName;OS_version=OS_version;IP_address=IP_address;}'
FORMAT='
function get_cpu_count(){
command = "psrinfo -p"; # Use this for Solaris
command | getline cpu_count;
close(command);
return cpu_count;
}
BEGIN {
cpu_processed = 0;
user_sum = system_sum = iowait_sum = idle_sum = 0;
# Dynamically set CPU count
cpu_count = get_cpu_count();
last_cpu = cpu_count-1;
}
function get_current_time() {
command = "date +\"%m/%d/%y_%H:%M:%S_%Z\"";
command | getline datetime;
close(command);
return datetime;
}{
datetime=get_current_time();
cpu=$1;
pctUser=$(NF-4);
pctNice="0";
pctSystem=$(NF-3);
pctIowait=$(NF-2);
pctIdle=$(NF-1);
user_sum += pctUser;
system_sum += pctSystem;
iowait_sum += pctIowait;
idle_sum += pctIdle;
cpu_processed++;
}
'
FILTER='($0 ~ /CPU/) { if($(NF-1) ~ /gnice/){ NFIELDS=NF; } else {NFIELDS=NF+1;} next} /Average|Linux|^$|%/ {next}'
PRINTF='
{
if (cpu ~ /0/) {
print header;
{printf "%-28s %9s %9s %9s %9s %9s %-35s %15s %-16s %-3s\n", datetime, pctUser, pctNice, pctSystem, pctIowait, pctIdle, OSName, OS_version, IP_address,cpu}
} else if (cpu ~ last_cpu) {
{printf "%-28s %9s %9s %9s %9s %9s %-35s %15s %-16s %-3s\n", datetime, pctUser, pctNice, pctSystem, pctIowait, pctIdle, OSName, OS_version, IP_address,cpu}
printf "%-28s %9s %9s %9s %9s %9s %-35s %15s %-16s %-3s\n", datetime, user_sum / cpu_count, pctNice, system_sum / cpu_count, iowait_sum / cpu_count, idle_sum / cpu_count, OSName, OS_version, IP_address, "all";
cpu_processed = 0;
user_sum = system_sum = iowait_sum = idle_sum = 0;
}else{
{printf "%-28s %9s %9s %9s %9s %9s %-35s %15s %-16s %-3s\n", datetime, pctUser, pctNice, pctSystem, pctIowait, pctIdle, OSName, OS_version, IP_address,cpu}
}
}'
$CMD | tee "$TEE_DEST" | $AWK $DEFINE "$FILTER $FORMAT $FILL_DIMENSIONS $PRINTF" header="$HEADER"
echo "Cmd = [$CMD]; | $AWK $DEFINE '$FILTER $FORMAT $FILL_DIMENSIONS $PRINTF' header=\"$HEADER\"" >>"$TEE_DEST"
exit
elif [ "$KERNEL" = "AIX" ] ; then
queryHaveCommand mpstat
queryHaveCommand lparstat

294
bin/df.sh
View file

@ -120,9 +120,46 @@ elif [ "$KERNEL" = "AIX" ] ; then
assertHaveCommandGivenPath /usr/bin/df
CMD='eval /usr/sysv/bin/df -n ; /usr/bin/df -kP -F %u %f %z %l %n %p %m'
# Normalize Size, Used and Avail columns
#Maps fsType
# shellcheck disable=SC2016
NORMALIZE='
MAP_FS_TO_TYPE='/: / {
key = "";
value = "";
foundColon = 0;
for (i = 1; i <= NF; i++) {
if (!foundColon) {
if ($i ~ /:$/) {
clean = $i;
sub(/:$/, "", clean);
if (clean != "") {
key = (key ? key " " : "") clean;
}
foundColon = 1;
} else {
if ($i != "") {
key = (key ? key " " : "") $i;
}
}
} else if ($i ~ /[a-zA-Z0-9]/ && value == "") {
value = $i;
}
}
gsub(/ /, "&nbsp;", key);
fsTypes[key] = value;
}'
# shellcheck disable=SC2016
BEGIN='BEGIN {
OFS = "\t";
printedHeader = 0;
}'
# Append Type and Inode headers to the main header and print respective fields from values stored in MAP_FS_TO_TYPE variables
# shellcheck disable=SC2016
PRINTF='
function fromKB(KB) {
MB = KB/1024;
if (MB<1024) return MB "M";
@ -131,68 +168,80 @@ elif [ "$KERNEL" = "AIX" ] ; then
TB = GB/1024; return TB "T"
}
{
if($0 ~ /^Filesystem.*/){
for(i=1;i<=NF;i++){
if($i=="1024-blocks") {sizeCol=i; sizeFlag=1;}
if($i=="Used") {usedCol=i; usedFlag=1;}
if($i=="Available") {availCol=i; availFlag=1;}
}
}
if(!($0 ~ /^Filesystem.*/) && sizeFlag==1)
$sizeCol=fromKB($sizeCol);
if(!($0 ~ /^Filesystem.*/) && usedFlag==1)
$usedCol=fromKB($usedCol);
if(!($0 ~ /^Filesystem.*/) && availFlag==1)
$availCol=fromKB($availCol);
}'
if ($0 ~ /^Filesystem.*/) {
if (!printedHeader) {
sub("%iused", "IUsePct", $0);
header_field_count = NF;
#Maps fsType
# shellcheck disable=SC2016
MAP_FS_TO_TYPE='/: / {
for(i=1;i<=NF;i++){
if($i ~ /^\/.*/)
keyCol=i;
else if($i ~ /[a-zA-Z0-9]/)
valueCol=i;
}
if($keyCol ~ /^\/.*:/)
fsTypes[substr($keyCol,1,length($keyCol)-1)] = $valueCol;
else
fsTypes[$keyCol]=$valueCol;
}'
for (i = 1; i <= NF; i++) {
if ($i == "iused") iusedCol = i;
if ($i == "ifree") ifreeCol = i;
if ($i == "Mounted" && $(i + 1) == "on") {
mountedCol = i;
sub("Mounted on", "MountedOn", $0);
}
}
# shellcheck disable=SC2016
BEGIN='BEGIN { OFS = "\t" }'
# Append Type and Inode headers to the main header and print respective fields from values stored in MAP_FS_TO_TYPE variables
# shellcheck disable=SC2016
PRINTF='
{
if($0 ~ /^Filesystem.*/){
sub("%Iused","IUsePct",$0);
for(i=1;i<=NF;i++){
if($i=="Iused") iusedCol=i;
if($i=="Ifree") ifreeCol=i;
$(NF + 1) = "Type";
$(NF + 1) = "INodes";
printf "%-50s %-8s %-8s %-8s %-10s %-8s %-8s %-7s %-25s %-10s %-8s\n",
"Filesystem", "Size", "Used", "Avail", "Capacity",
"iused", "ifree", "IUsePct","MountedOn", "Type", "INodes";
printedHeader = 1;
}
next;
}
if($i=="Mounted" && $(i+1)=="on"){
mountedCol=i;
sub("Mounted on","MountedOn",$0);
}
}
$(NF+1)="Type";
$(NF+1)="INodes";
print $0;
}
}
{
for(i=1;i<=NF;i++)
{
if($i ~ /^\/\S*/ && i==mountedCol && !(fsTypes[$mountedCol]~/(devfs|ctfs|proc|mntfs|objfs|lofs|fd|tmpfs)/) && !($0 ~ /.*\/proc.*/)){
$(NF+1)=fsTypes[$mountedCol];
$(NF+1)=$iusedCol+$ifreeCol;
print $0;
}
}
}'
if (NF >= 8 && $0 !~ /\(.*\)/ && $0 !~ /^.* on \/.* \(/) {
found = 0
for (i = 1; i <= NF - 6; i++) {
cond = ($(i) ~ /^[0-9.]+[KMGTPBi]*$/ || $(i) == "-") &&
($(i+1) ~ /^[0-9.]+[KMGTPBi]*$/ || $(i+1) == "-") &&
($(i+2) ~ /^[0-9.]+[KMGTPBi]*$/ || $(i+2) == "-") &&
($(i+3) ~ /^[0-9]+%$/ || $(i+3) == "-") &&
($(i+4) ~ /^[0-9]+(\.[0-9]+)?[kMGTPBi]?$/ || $(i+4) == "-") &&
($(i+5) ~ /^[0-9]+(\.[0-9]+)?[kMGTPBi]?$/ || $(i+5) == "-") &&
($(i+6) ~ /^[0-9]+%$/ || $(i+6) == "-")
if (cond) {
start = i
found = 1
break
}
}
if (!found) {
next
}
fs = $1
for (j = 2; j < start; j++) {
print($j)
fs = fs "&nbsp;" $j
}
gsub("^/dev/", "", fs);
gsub("s[0-9]+$", "", fs);
size = fromKB($(start))
used = fromKB($(start + 1))
avail = fromKB($(start + 2))
capacity = $(start + 3)
iused = $(start + 4)
ifree = $(start + 5)
iusepct = $(start + 6)
mounted = $(start + 7)
for (k = start + 8; k <= NF; k++) {
mounted = mounted "&nbsp;" $k
}
fstype = (mounted in fsTypes) ? fsTypes[mounted] : "-";
inodes = iused + ifree;
printf "%-50s %-8s %-8s %-8s %-10s %-8s %-8s %-7s %-25s %-10s %-8s\n",
fs, size, used, avail, capacity,
iused, ifree, iusepct, mounted, fstype, inodes;
}
}'
elif [ "$KERNEL" = "HP-UX" ] ; then
assertHaveCommand df
@ -215,24 +264,115 @@ elif [ "$KERNEL" = "Darwin" ] ; then
assertHaveCommand df
CMD='eval mount -t nocddafs,autofs,devfs,fdesc,nfs; df -h -T nocddafs,autofs,devfs,fdesc,nfs'
# shellcheck disable=SC2016
BEGIN='BEGIN { OFS = "\t" }'
BEGIN='BEGIN {
OFS = "\t";
printedHeader = 0;
}'
#Maps fsType
# shellcheck disable=SC2016
MAP_FS_TO_TYPE='/ on / {
for (i = 1; i <= NF; i++) {
if ($i == "on" && $(i + 1) ~ /^\/.*/)
key=$(i+1);
if($i ~ /^\(/)
value = substr($i, 2, length($i) - 2);
}
fsTypes[key] = value;
}'
PRINTF='/^Filesystem/ {
printf "Filesystem\tType\tSize\tUsed\tAvail\tUse%%\tInodes\tIUsed\tIFree\tIUse%%\tMountedOn\n";
}
$0 !~ /^Filesystem/ && $0 !~ / on / {
printf "%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n", $1, fsTypes[$NF], $2, $3, $4, $5, $6+$7, $6, $7, $8, $9;
}'
MAP_FS_TO_TYPE='/ on / {
key = "";
value = "";
for (i = 1; i <= NF; i++) {
if ($i == "on") {
# Start capturing key from the next field
j = i + 1;
while (j <= NF && $(j) !~ /^\(/) {
key = (key == "") ? $(j) : key " " $(j);
j++;
}
}
if ($i ~ /^\(/) {
value = substr($i, 2); # Remove starting (
# Optionally remove trailing comma/parenthesis if needed
if (substr(value, length(value), 1) == "," || substr(value, length(value), 1) == ")") {
value = substr(value, 1, length(value)-1);
}
}
}
gsub(/ /, "&nbsp;", key); # Replace spaces with &nbsp;
fsTypes[key] = value;
}'
# Append Type and Inode headers to the main header and print respective fields from values stored in MAP_FS_TO_TYPE variables
# shellcheck disable=SC2016
PRINTF='{
if ($0 ~ /^Filesystem.*/) {
if (!printedHeader) {
sub("%iused", "IUsePct", $0);
header_field_count = NF;
for (i = 1; i <= NF; i++) {
if ($i == "iused") iusedCol = i;
if ($i == "ifree") ifreeCol = i;
if ($i == "Mounted" && $(i + 1) == "on") {
mountedCol = i;
sub("Mounted on", "MountedOn", $0);
}
}
$(NF + 1) = "Type";
$(NF + 1) = "INodes";
printf "%-50s %-8s %-8s %-8s %-10s %-8s %-8s %-7s %-25s %-10s %-8s\n",
"Filesystem", "Size", "Used", "Avail", "Capacity",
"iused", "ifree", "IUsePct","MountedOn", "Type", "INodes";
printedHeader = 1;
}
next;
}
if (NF >= 8 && $0 !~ /\(.*\)/ && $0 !~ /^.* on \/.* \(/) {
found = 0
for (i = 1; i <= NF - 6; i++) {
cond = ($(i) ~ /^[0-9.]+[KMGTPBi]*$/ || $(i) == "-") &&
($(i+1) ~ /^[0-9.]+[KMGTPBi]*$/ || $(i+1) == "-") &&
($(i+2) ~ /^[0-9.]+[KMGTPBi]*$/ || $(i+2) == "-") &&
($(i+3) ~ /^[0-9]+%$/ || $(i+3) == "-") &&
($(i+4) ~ /^[0-9]+(\.[0-9]+)?[kMGTPBi]?$/ || $(i+4) == "-") &&
($(i+5) ~ /^[0-9]+(\.[0-9]+)?[kMGTPBi]?$/ || $(i+5) == "-") &&
($(i+6) ~ /^[0-9]+%$/ || $(i+6) == "-")
if (cond) {
start = i
found = 1
break
}
}
if (!found) {
next
}
fs = $1
for (j = 2; j < start; j++) {
fs = fs "&nbsp;" $j
}
gsub("^/dev/", "", fs);
gsub("s[0-9]+$", "", fs);
size = $(start)
used = $(start + 1)
avail = $(start + 2)
capacity = $(start + 3)
iused = $(start + 4)
ifree = $(start + 5)
iusepct = $(start + 6)
mounted = $(start + 7)
for (k = start + 8; k <= NF; k++) {
mounted = mounted "&nbsp;" $k
}
fstype = (mounted in fsTypes) ? fsTypes[mounted] : "-";
inodes = iused + ifree;
printf "%-50s %-8s %-8s %-8s %-10s %-8s %-8s %-7s %-25s %-10s %-8s\n",
fs, size, used, avail, capacity,
iused, ifree, iusepct, mounted, fstype, inodes;
}
}'
elif [ "$KERNEL" = "OpenBSD" ] ; then
assertHaveCommand mount

2
bin/hardware.sh
View file

@ -17,7 +17,7 @@ if [ "$KERNEL" = "Linux" ] ; then
CPU_TYPE=$(awk -F: '/model name/ {print $2; exit}' /proc/cpuinfo 2>>"$TEE_DEST")
CPU_CACHE=$(awk -F: '/cache size/ {print $2; exit}' /proc/cpuinfo 2>>"$TEE_DEST")
CPU_COUNT=$(grep -c processor /proc/cpuinfo 2>>"$TEE_DEST")
[ -z "$CPU_TYPE" ] && [ -r /proc/device-tree/compatible ] && CPU_TYPE=$(cat /proc/device-tree/compatible | tr '\0' ',')
[ -z "$CPU_TYPE" ] && [ -r /proc/device-tree/compatible ] && CPU_TYPE=$(cat /proc/device-tree/compatible | sed 's/\0/,/g;s/,$//')
# HDs
# shellcheck disable=SC2010
for deviceBasename in $(ls /sys/block | grep -E -v '^(dm|md|ram|sr|loop)')

8
bin/iostat.sh
View file

@ -10,17 +10,17 @@
assertHaveCommand column
if [ "$KERNEL" = "Linux" ] ; then
CMD='iostat -xky 1 1'
CMD='iostat -xky 60 1'
assertHaveCommand "$CMD"
# considers the device, r/s and w/s columns and returns output of the first interval
FILTER='/Device/ && /r\/s/ && /w\/s/ {f=1;}f'
elif [ "$KERNEL" = "SunOS" ] ; then
CMD='iostat -xn 1 2'
CMD='iostat -xn 60 2'
assertHaveCommand "$CMD"
# considers the device, r/s and w/s columns and returns output of the second interval
FILTER='/device/ && /r\/s/ && /w\/s/ {f++;} f==2'
elif [ "$KERNEL" = "AIX" ] ; then
CMD='iostat 1 2'
CMD='iostat 60 2'
assertHaveCommand "$CMD"
# considers the disks, kb_read and kb_wrtn columns and returns output of the second interval
FILTER='/^cd/ {next} /Disks/ && /Kb_read/ && /Kb_wrtn/ {f++;} f==2'
@ -31,7 +31,7 @@ elif [ "$KERNEL" = "OpenBSD" ] ; then
HEADERIZE="BEGIN {print \"$HEADER\"}"
FILTER=$HEADERIZE'/^[^ \t]/ && !/^(DEVICE|Totals)/{printf "%-7s %.2f %.2f %d %d\n", $1, $2/1024, $3/1024, $4, $5}'
elif [ "$KERNEL" = "FreeBSD" ] ; then
CMD='iostat -x -c 2'
CMD='iostat -x -c 2 -w 60'
assertHaveCommand "$CMD"
# considers the device, r/s and w/s columns and returns output of the second interval
FILTER='/device/ && /r\/s/ && /w\/s/ {f++;} f==2'

8
bin/iostat_metric.sh
View file

@ -11,7 +11,7 @@
assertHaveCommand column
if [ "$KERNEL" = "Linux" ] ; then
CMD='iostat -xky 1 1'
CMD='iostat -xky 60 1'
assertHaveCommand "$CMD"
if [ ! -f "/etc/os-release" ] ; then
DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(ip -4 route show default | awk '{print $9}')"
@ -22,7 +22,7 @@ if [ "$KERNEL" = "Linux" ] ; then
# shellcheck disable=SC2016
PRINTF='{if ($0~/Device/) {printf "%s OSName OS_version IP_address \n", $0} else if (NF!=0) {printf "%s %s %s %s\n", $0, OSName, OS_version, IP_address}}'
elif [ "$KERNEL" = "SunOS" ] ; then
CMD='iostat -xn 1 2'
CMD='iostat -xn 60 2'
# jscpd:ignore-start
assertHaveCommand "$CMD"
DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1)"
@ -31,7 +31,7 @@ elif [ "$KERNEL" = "SunOS" ] ; then
PRINTF='{if ($0~/device/ && /r\/s/ && /w\/s/) {printf "%s OSName OS_version IP_address \n", $0} else if (NF!=0) {printf "%s %s %s %s\n", $0, OSName, OS_version, IP_address}}'
# jscpd:ignore-end
elif [ "$KERNEL" = "AIX" ] ; then
CMD='iostat 1 2'
CMD='iostat 60 2'
assertHaveCommand "$CMD"
DEFINE="-v OSName=$(uname -s) -v OS_version=$(oslevel -r | cut -d'-' -f1) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1)"
FILTER='/^cd/ {next} /Disks/ && /Kb_read/ && /Kb_wrtn/ {f++;} f==2'
@ -45,7 +45,7 @@ elif [ "$KERNEL" = "OpenBSD" ] ; then
HEADERIZE="BEGIN {print \"$HEADER\"}"
FILTER=$HEADERIZE'/^[^ \t]/ && !/^(DEVICE|Totals)/{printf "%-7s %.2f %.2f %d %d %s %s %s\n", $1, $2/1024, $3/1024, $4, $5, OSName, OS_version, IP_address}'
elif [ "$KERNEL" = "FreeBSD" ] ; then
CMD='iostat -x -c 2'
CMD='iostat -x -c 2 -w 60'
assertHaveCommand "$CMD"
DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1)"
FILTER='/device/ && /r\/s/ && /w\/s/ {f++;} f==2'

3
bin/lsof.sh
View file

@ -21,7 +21,8 @@ if [[ "$KERNEL" = "Linux" ]] || [[ "$KERNEL" = "HP-UX" ]] || [[ "$KERNEL" = "Dar
# shellcheck disable=SC2016
FILTER='/KQUEUE|PIPE|PSXSEM/ {next}'
elif [ "$KERNEL" = "FreeBSD" ] ; then
if [[ $KERNEL_RELEASE =~ 11.* ]] || [[ $KERNEL_RELEASE =~ 12.* ]] || [[ $KERNEL_RELEASE =~ 13.* ]]; then
major=${KERNEL_RELEASE%%.*}
if ((major >= 13)); then
# empty condition to allow the execution of script as is
echo > /dev/null
else

2
bin/nfsiostat.sh
View file

@ -50,7 +50,7 @@ if [ "$KERNEL" = "Linux" ] ; then
then
# shellcheck disable=SC2016
OS_RELEASE=$(awk -F= '/^ID=/ {gsub(/"/, "", $2); id=$2} /^VERSION_ID=/ {gsub(/"/, "", $2); ver=$2} END {print id ":" ver}' "$OS_FILE")
if [ "$OS_RELEASE" = "ubuntu:18.04" ] || [ "$OS_RELEASE" = "ubuntu:20.04" ] || [ "$OS_RELEASE" = "ubuntu:22.04" ] || [ "$OS_RELEASE" = "rocky:9.5" ] || [ "$OS_RELEASE" = "almalinux:9.5" ] || [ "$OS_RELEASE" = "ol:8.9" ] ; then # Ubuntu 18.04, 20.04 and 22.04 # Rocky or AlmaLinux 9.5 # Oracle Linux 8.9
if [ "$OS_RELEASE" = "ubuntu:18.04" ] || [ "$OS_RELEASE" = "ubuntu:20.04" ] || [ "$OS_RELEASE" = "ubuntu:22.04" ] || [ "$OS_RELEASE" = "ubuntu:24.04" ] || [ "$OS_RELEASE" = "rocky:9.5" ] || [ "$OS_RELEASE" = "almalinux:9.5" ] || [ "$OS_RELEASE" = "ol:8.9" ] ; then # Ubuntu 18.04, 20.04 and 22.04 # Rocky or AlmaLinux 9.5 # Oracle Linux 8.9
# shellcheck disable=SC2016
FORMAT='{
if (NR%10==2){

10
bin/ps.sh
View file

@ -6,15 +6,18 @@
. "$(dirname "$0")"/common.sh
# shellcheck disable=SC2166
if [ "$KERNEL" = "Linux" -o "$KERNEL" = "Darwin" -o "$KERNEL" = "FreeBSD" -o "$KERNEL" = "OpenBSD" ] ; then
if [ "$KERNEL" = "Linux" ] ; then
assertHaveCommand ps
CMD='ps auxww'
CMD='ps -wweo user,pid,%cpu,%mem,vsz,rss,tname,stat,start_time,bsdtime,etime,command'
elif [ "$KERNEL" = "AIX" ] ; then
assertHaveCommandGivenPath /usr/sysv/bin/ps
CMD='/usr/sysv/bin/ps -eo user,pid,psr,pcpu,time,pmem,rss,vsz,tty,s,etime,args'
elif [ "$KERNEL" = "SunOS" ] ; then
assertHaveCommandGivenPath /usr/bin/ps
CMD='/usr/bin/ps -eo user,pid,psr,pcpu,time,pmem,rss,vsz,tty,s,etime,args'
elif [ "$KERNEL" = "Darwin" ] ; then
assertHaveCommand ps
CMD='ps axo user,pid,%cpu,cputime,%mem,rss,vsz,tt,state,start,etime,command'
elif [ "$KERNEL" = "HP-UX" ] ; then
HEADER='USER PID PSR pctCPU CPUTIME pctMEM RSZ_KB VSZ_KB TTY S ELAPSED COMMAND ARGS'
# shellcheck disable=SC2016
@ -35,6 +38,9 @@ elif [ "$KERNEL" = "HP-UX" ] ; then
$CMD | tee "$TEE_DEST" | $AWK "$HEADERIZE $FORMAT $PRINTF" header="$HEADER"
echo "Cmd = [$CMD]; | $AWK '$HEADERIZE $FORMAT $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST"
exit
elif [ "$KERNEL" = "FreeBSD" -o "$KERNEL" = "OpenBSD" ] ; then
assertHaveCommand ps
CMD='ps axo user,pid,%cpu,cputime,%mem,rss,vsz,tt,state,start,etime,command'
fi
# shellcheck disable=SC2016

22
bin/ps_metric.sh
View file

@ -8,19 +8,19 @@
. "$(dirname "$0")"/common.sh
# shellcheck disable=SC2166
if [ "$KERNEL" = "Linux" -o "$KERNEL" = "Darwin" -o "$KERNEL" = "FreeBSD" -o "$KERNEL" = "OpenBSD" ] ; then
if [ "$KERNEL" = "Linux" ] ; then
assertHaveCommand ps
CMD='ps auxww'
if [ "$KERNEL" = "Linux" ] ; then
if [ ! -f "/etc/os-release" ] ; then
DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(ip -4 route show default | awk '{print $9}') -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)"
else
DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep -E '\b(VERSION|BUILD)_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(ip -4 route show default | awk '{print $9}') -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)"
fi
elif [ "$KERNEL" = "Darwin" -o "$KERNEL" = "FreeBSD" -o "$KERNEL" = "OpenBSD" ] ; then
# Filters have been applied to get rid of IPv6 addresses designated for special usage to extract only the global IPv6 address.
DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1) -v IPv6_Address=$(ifconfig -a | grep inet6 | grep -v ' ::1 ' | grep -v ' ::1/' | grep -v ' ::1%' | grep -v ' fe80::' | grep -v ' 2002::' | grep -v ' ff00::' | head -n 1 | xargs | cut -d '/' -f 1 | cut -d '%' -f 1 | cut -d ' ' -f 2)"
CMD='ps -wweo user,pid,%cpu,%mem,vsz,rss,tname,stat,start_time,bsdtime,etime,command'
if [ ! -f "/etc/os-release" ] ; then
DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(hostname -I | cut -d\ -f1) -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)"
else
DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep '\bVERSION_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(hostname -I | cut -d\ -f1) -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)"
fi
elif [ "$KERNEL" = "Darwin" -o "$KERNEL" = "FreeBSD" -o "$KERNEL" = "OpenBSD" ] ; then
assertHaveCommand ps
CMD='ps axo user,pid,%cpu,%mem,vsz,rss,tt,state,start,cputime,etime,command'
# Filters have been applied to get rid of IPv6 addresses designated for special usage to extract only the global IPv6 address.
DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1) -v IPv6_Address=$(ifconfig -a | grep inet6 | grep -v ' ::1 ' | grep -v ' ::1/' | grep -v ' ::1%' | grep -v ' fe80::' | grep -v ' 2002::' | grep -v ' ff00::' | head -n 1 | xargs | cut -d '/' -f 1 | cut -d '%' -f 1 | cut -d ' ' -f 2)"
elif [ "$KERNEL" = "AIX" ] ; then
assertHaveCommandGivenPath /usr/sysv/bin/ps
CMD='/usr/sysv/bin/ps -eo user,pid,psr,pcpu,time,pmem,rss,vsz,tty,s,etime,args'

36
bin/rlog.sh
View file

@ -18,7 +18,8 @@ else
fi
CURRENT_AUDIT_FILE=/var/log/audit/audit.log # For handling upgrade scenarios
TMP_ERROR_FILTER_FILE=$(mktemp) # For filering out "no matches" error from stderr
AUDIT_FILE="/var/log/audit/audit.log*"
AUDIT_LOG_DIR="/var/log/audit"
AUDIT_FILES=$(ls -1 "${AUDIT_LOG_DIR}"/audit.log "${AUDIT_LOG_DIR}"/audit.log.[0-9]* 2>/dev/null | sort -V)
if [ "$KERNEL" = "Linux" ] ; then
assertHaveCommand service
@ -28,25 +29,32 @@ if [ "$KERNEL" = "Linux" ] ; then
if [ -e "$SEEK_FILE" ] ; then
SEEK_TIME=$(head -1 "$SEEK_FILE")
# shellcheck disable=SC2086
awk " { print } " $AUDIT_FILE | /sbin/ausearch -i -ts $SEEK_TIME -te $CURRENT_TIME 2>$TMP_ERROR_FILTER_FILE | grep -v "^----";
# shellcheck disable=SC2086
grep -v "<no matches>" < $TMP_ERROR_FILTER_FILE 1>&2
for AUDIT_FILE in $AUDIT_FILES; do
# shellcheck disable=SC2086
/sbin/ausearch -i -ts $SEEK_TIME -te $CURRENT_TIME -if "$AUDIT_FILE" 2>"$TMP_ERROR_FILTER_FILE" | grep -v "^----"
# shellcheck disable=SC2086
grep -v "<no matches>" <"$TMP_ERROR_FILTER_FILE" 1>&2
done
elif [ -e "$OLD_SEEK_FILE" ] ; then
rm -rf "$OLD_SEEK_FILE" # remove previous checkpoint
# start ingesting from the first entry of current audit file
# shellcheck disable=SC2086
awk ' { print } ' $CURRENT_AUDIT_FILE | /sbin/ausearch -i -te $CURRENT_TIME 2>$TMP_ERROR_FILTER_FILE | grep -v "^----";
# shellcheck disable=SC2086
grep -v "<no matches>" <$TMP_ERROR_FILTER_FILE 1>&2
for AUDIT_FILE in $AUDIT_FILES; do
# start ingesting from the first entry of current audit file
# shellcheck disable=SC2086
/sbin/ausearch -i -te $CURRENT_TIME -if "$AUDIT_FILE" 2>"$TMP_ERROR_FILTER_FILE" | grep -v "^----"
# shellcheck disable=SC2086
grep -v "<no matches>" <"$TMP_ERROR_FILTER_FILE" 1>&2
done
else
# no checkpoint found
# shellcheck disable=SC2086
awk " { print } " $AUDIT_FILE | /sbin/ausearch -i -te $CURRENT_TIME 2>$TMP_ERROR_FILTER_FILE | grep -v "^----";
# shellcheck disable=SC2086
grep -v "<no matches>" <$TMP_ERROR_FILTER_FILE 1>&2
for AUDIT_FILE in $AUDIT_FILES; do
# shellcheck disable=SC2086
/sbin/ausearch -i -te $CURRENT_TIME -if "$AUDIT_FILE" 2>"$TMP_ERROR_FILTER_FILE" | grep -v "^----"
# shellcheck disable=SC2086
grep -v "<no matches>" <"$TMP_ERROR_FILTER_FILE" 1>&2
done
fi
echo "$CURRENT_TIME" > "$SEEK_FILE" # Checkpoint+

11
bin/vmstat.sh
View file

@ -22,6 +22,11 @@ if [ "$KERNEL" = "Linux" ] ; then
assertHaveCommand ps
assertHaveCommand vmstat
assertHaveCommand sar
PAGE_SIZE=$(getconf PAGE_SIZE)
HEADERIZE="BEGIN {
print \"$HEADER\"
pageSize = $PAGE_SIZE
}"
# shellcheck disable=SC2016
CMD='eval uptime ; ps -e | wc -l ; ps -eT | wc -l ; vmstat -s ; `dirname $0`/hardware.sh; sar -B 1 2; sar -I SUM 1 2'
# shellcheck disable=SC2016
@ -29,7 +34,7 @@ if [ "$KERNEL" = "Linux" ] ; then
# shellcheck disable=SC2016
PARSE_1='/total memory$/ {memTotalMB=$1/1024} /free memory$/ {memFreeMB+=$1/1024} /buffer memory$/ {memFreeMB+=$1/1024} /swap cache$/ {memFreeMB+=$1/1024}'
# shellcheck disable=SC2016
PARSE_2='/(K|pages) paged out$/ {pgPageOut=$1} /used swap$/ {swapUsed=$1} /free swap$/ {swapFree=$1} /pages swapped out$/ {pgSwapOut=$1}'
PARSE_2='/pages paged out$/ {pgPageOut=$1} /K paged out$/ {pgPageOut=int($1*1024/pageSize)} /used swap$/ {swapUsed=$1} /free swap$/ {swapFree=$1} /pages swapped out$/ {pgSwapOut=$1}'
# shellcheck disable=SC2016
PARSE_3='/interrupts$/ {interrupts=$1} /CPU context switches$/ {cSwitches=$1} /forks$/ {forks=$1}'
# shellcheck disable=SC2016
@ -67,9 +72,9 @@ elif [ "$KERNEL" = "SunOS" ] ; then
# Sample output: http://opensolarisforum.org/man/man1/sar.html
if [ "$SOLARIS_10" = "true" ] || [ "$SOLARIS_11" = "true" ] ; then
# shellcheck disable=SC2016
PARSE_6='($1 ~ "atch*") {nr[NR+3]} NR in nr {pgPageIn_PS=$3;}'
PARSE_6='($1 ~ "atch*") {nr[NR+10]} NR in nr {pgPageIn_PS=$4;}'
# shellcheck disable=SC2016
PARSE_7='($3 ~ "ppgout*") {nr2[NR+3]} NR in nr2 {pgPageOut_PS=$3}'
PARSE_7='($3 ~ "ppgout*") {nr2[NR+10]} NR in nr2 {pgPageOut_PS=$3}'
else
# shellcheck disable=SC2016
PARSE_6='($3 ~ "atch*") {nr[NR+3]} NR in nr {pgPageIn_PS=$5}'

14
bin/vmstat_metric.sh
View file

@ -26,16 +26,16 @@ if [ "$KERNEL" = "Linux" ] ; then
# shellcheck disable=SC2016
CMD='eval uptime ; ps -e | wc -l ; ps -eT | wc -l ; vmstat -s ; `dirname $0`/hardware.sh; sar -B 1 2; sar -I SUM 1 2'
if [ ! -f "/etc/os-release" ] ; then
DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(ip -4 route show default | awk '{print $9}')"
DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(hostname -I | cut -d\ -f1) -v PAGE_SIZE=$(getconf PAGE_SIZE)"
else
DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep -E '\b(VERSION|BUILD)_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(ip -4 route show default | awk '{print $9}')"
DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep '\bVERSION_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(hostname -I | cut -d\ -f1) -v PAGE_SIZE=$(getconf PAGE_SIZE)"
fi
# shellcheck disable=SC2016
PARSE_0='NR==1 {loadAvg1mi=0+$(NF-2)} NR==2 {processes=$1} NR==3 {threads=$1}'
# shellcheck disable=SC2016
PARSE_1='/total memory$/ {memTotalMB=$1/1024} /free memory$/ {memFreeMB+=$1/1024} /buffer memory$/ {memFreeMB+=$1/1024} /swap cache$/ {memFreeMB+=$1/1024}'
# shellcheck disable=SC2016
PARSE_2='/(K|pages) paged out$/ {pgPageOut=$1} /used swap$/ {swapUsed=$1} /free swap$/ {swapFree=$1} /pages swapped out$/ {pgSwapOut=$1}'
PARSE_2='/pages paged out$/ {pgPageOut=$1} /K paged out$/ {pgPageOut=int($1*1024/PAGE_SIZE)} /used swap$/ {swapUsed=$1} /free swap$/ {swapFree=$1} /pages swapped out$/ {pgSwapOut=$1}'
# shellcheck disable=SC2016
PARSE_3='/interrupts$/ {interrupts=$1} /CPU context switches$/ {cSwitches=$1} /forks$/ {forks=$1}'
# shellcheck disable=SC2016
@ -73,10 +73,10 @@ elif [ "$KERNEL" = "SunOS" ] ; then
PARSE_5='/^CPU_COUNT/ {cpuCount=$2}'
# Sample output: http://opensolarisforum.org/man/man1/sar.html
if [ "$SOLARIS_10" = "true" ] || [ "$SOLARIS_11" = "true" ] ; then
# shellcheck disable=SC2016
PARSE_6='($1 ~ "atch*") {nr[NR+3]} NR in nr {pgPageIn_PS=$3;}'
# shellcheck disable=SC2016
PARSE_7='($3 ~ "ppgout*") {nr2[NR+3]} NR in nr2 {pgPageOut_PS=$3}'
# shellcheck disable=SC2016
PARSE_6='($1 ~ "atch*") {nr[NR+10]} NR in nr {pgPageIn_PS=$4;}'
# shellcheck disable=SC2016
PARSE_7='($3 ~ "ppgout*") {nr2[NR+10]} NR in nr2 {pgPageOut_PS=$3}'
else
# shellcheck disable=SC2016
PARSE_6='($3 ~ "atch*") {nr[NR+3]} NR in nr {pgPageIn_PS=$5}'

6
default/app.conf
View file

@ -7,7 +7,7 @@
[install]
is_configured = false
state = enabled
build = 1738793362
build = 1748985697
[ui]
setup_view = ta_nix_configuration
@ -17,7 +17,7 @@ docs_section_override = AddOns:released
[launcher]
author = Michael Erdely
version = 10.0.0.1
version = 10.1.0.0
description = Technical Add-on for Unix and Linux
#[package]
@ -26,5 +26,5 @@ description = Technical Add-on for Unix and Linux
[id]
name = TA-unix
version = 10.0.0.1
version = 10.1.0.0

20
default/props.conf
View file

@ -97,7 +97,7 @@ LINE_BREAKER = ([\r\n]+)
KV_MODE = json
NO_BINARY_CHECK = true
TRUNCATE=1000000
TRANSFORMS-docker-metric-dimensions=eval_dimensions
TRANSFORMS-docker-metric-dimensions=splunk_ta_nix_eval_dimensions
METRIC-SCHEMA-TRANSFORMS=metric-schema:extract_metrics_docker
[vmstat_metric]
@ -108,7 +108,7 @@ DATETIME_CONFIG = CURRENT
KV_MODE = none
INDEXED_EXTRACTIONS = CSV
FIELD_DELIMITER=whitespace
TRANSFORMS-vmstat-metric-dimensions=eval_dimensions
TRANSFORMS-vmstat-metric-dimensions=splunk_ta_nix_eval_dimensions
METRIC-SCHEMA-TRANSFORMS=metric-schema:extract_metrics_vmstat
[cpu_metric]
@ -121,7 +121,7 @@ TRUNCATE=1000000
KV_MODE = none
INDEXED_EXTRACTIONS = CSV
FIELD_DELIMITER=whitespace
TRANSFORMS-cpu-metric-dimensions=eval_dimensions
TRANSFORMS-cpu-metric-dimensions=splunk_ta_nix_eval_dimensions
TRANSFORMS-cpu-metric-field=extract_cpu_metric_field
METRIC-SCHEMA-TRANSFORMS=metric-schema:extract_metrics_cpu
@ -133,7 +133,7 @@ DATETIME_CONFIG = CURRENT
KV_MODE = none
INDEXED_EXTRACTIONS = TSV
TRANSFORMS-df-metrics=extract_df_metrics
TRANSFORMS-df-metric-dimensions=eval_dimensions
TRANSFORMS-df-metric-dimensions=splunk_ta_nix_eval_dimensions
METRIC-SCHEMA-TRANSFORMS=metric-schema:extract_metrics_df
[interfaces_metric]
@ -145,7 +145,7 @@ KV_MODE = none
INDEXED_EXTRACTIONS = CSV
FIELD_DELIMITER=whitespace
EVAL-Duplex=case(Duplex==2,"Full", Duplex==1,"Half", Duplex==0, "Unknown", true(), Duplex)
TRANSFORMS-interfaces-metric-dimensions=eval_dimensions
TRANSFORMS-interfaces-metric-dimensions=splunk_ta_nix_eval_dimensions
METRIC-SCHEMA-TRANSFORMS=metric-schema:extract_metrics_interfaces
[iostat_metric]
@ -157,7 +157,7 @@ KV_MODE = none
INDEXED_EXTRACTIONS = CSV
FIELD_DELIMITER=whitespace
TRANSFORMS-iostat-metrics-field=extract_iostat_metrics_field
TRANSFORMS-iostat-metric-dimensions=eval_dimensions
TRANSFORMS-iostat-metric-dimensions=splunk_ta_nix_eval_dimensions
METRIC-SCHEMA-TRANSFORMS=metric-schema:extract_metrics_iostat
[ps_metric]
@ -168,7 +168,7 @@ DATETIME_CONFIG = CURRENT
KV_MODE = none
INDEXED_EXTRACTIONS = CSV
FIELD_DELIMITER=whitespace
TRANSFORMS-ps-metric-dimensions=eval_dimensions
TRANSFORMS-ps-metric-dimensions=splunk_ta_nix_eval_dimensions
TRANSFORMS-ps-metric-field=extract_ps_metric_field
METRIC-SCHEMA-TRANSFORMS=metric-schema:extract_metrics_ps
@ -221,9 +221,11 @@ TRUNCATE=1000000
DATETIME_CONFIG = CURRENT
KV_MODE = multi
FIELDALIAS-dest_for_df = host as dest
FIELDALIAS-filesystem_for_df = Filesystem AS filesystem
FIELDALIAS-filesystem_type_for_df = Type as filesystem_type
FIELDALIAS-mount_for_df = MountedOn AS mount
EVAL-Filesystem = replace(Filesystem, "&nbsp;", " ")
EVAL-filesystem = replace(Filesystem, "&nbsp;", " ")
EVAL-MountedOn = replace(MountedOn, "&nbsp;", " ")
EVAL-mount = replace(MountedOn, "&nbsp;", " ")
EVAL-Type = coalesce('Type',"?")
EVAL-filesystem_type = coalesce('Type',"?")
EVAL-Size = coalesce('Size','1024_blocks')

2
default/transforms.conf
View file

@ -179,7 +179,7 @@ REGEX=[[dhcp_prefix_src]]reuse_lease:\s+lease\s+age.*under.*threshold,\s+reply\s
###### Scripted Metric Inputs ######
[eval_dimensions]
[splunk_ta_nix_eval_dimensions]
# Support for omitting the IPv6 Address field when the script output doesn't include an IPv6 Address
INGEST_EVAL = metric_name=sourcetype, entity_type="TA_Nix", OS_name=replace(OSName, "_", " "), IPv6_address = if(IPv6_Address=="?", null(), IPv6_Address)

8
docs/ReleaseNotes.md
View file

@ -1,5 +1,13 @@
# Technical Add-on for Unix and Linux
## Version 10.0.0.2 (
Minor fixes
Changes:
* Make RPI CPU_TYPE not have trailing comma
## Version 10.0.0.1 (2025-02-19)
Fix report CPU_TYPE in hardware.sh for RPIs