
1 commit

53 changed files with 624 additions and 1140 deletions


@ -1,23 +0,0 @@
TEMP_DIR := $(shell mktemp -d)
WORK_DIR := $(TEMP_DIR)/TA-unix
VERSION := $(shell head -n1 VERSION)
TAR_FILE := ./ta-for-unix-and-linux-$(VERSION).tgz
all: release
updateversion:
ifndef NEW
$(error NEW is not specified. Usage make NEW=<newversion> updateversion)
endif
sed -ri "s/$(VERSION)/$(NEW)/g" app.manifest default/app.conf VERSION
release:
mkdir -p $(WORK_DIR)
cp -R . $(WORK_DIR)/
rm -Rf $(WORK_DIR)/Makefile $(WORK_DIR)/.git $(WORK_DIR)/local $(WORK_DIR)/bin/__pycache__ $(WORK_DIR)/ta-for-unix-and-linux-*.tgz
tar -C $(TEMP_DIR) -czf $(TAR_FILE) TA-unix
test -d $(HOME)/Downloads && cp $(TAR_FILE) $(HOME)/Downloads
rm -Rf $(TEMP_DIR)
clean:
rm -Rf ./ta-for-unix-and-linux-*.tgz $(TEMP_DIR)


@ -1,8 +1,4 @@
Technical Add-on for Unix and Linux Splunk Add-on for Unix and Linux
Copyright (C) 2025 Michael Erdely All Rights Reserved.
Copyright (C) 2024 Splunk Inc. All Rights Reserved. Copyright (C) 2024 Splunk Inc. All Rights Reserved.
For documentation, see: https://git.erdelynet.com/mike/TA-unix/src/branch/main/docs/ReleaseNotes.md For documentation, see: https://docs.splunk.com/Documentation/AddOns/released/UnixLinux/
For documentation on Splunk's Add-on for Unix and Linux (which applies to this TA too), see:
https://docs.splunk.com/Documentation/AddOns/released/UnixLinux/


@ -1,2 +1,2 @@
10.0.0.1 10.0.0
10.0.0.1 10.0.0


@ -4,9 +4,9 @@
"info": { "info": {
"author": [ "author": [
{ {
"name": "Michael Erdely", "name": "Splunk, Inc.",
"email": mike@erdelynet.com, "email": null,
"company": "erdelynet.com" "company": null
} }
], ],
"classification": { "classification": {
@ -25,11 +25,11 @@
"Network Sessions": "==6.0.2", "Network Sessions": "==6.0.2",
"Performance": "==4.20.2" "Performance": "==4.20.2"
}, },
"description": "Technical Add-on for Unix and Linux", "description": "Splunk Add-on for Unix and Linux",
"id": { "id": {
"group": null, "group": null,
"name": "TA-unix", "name": "Splunk_TA_nix",
"version": "10.0.0.1" "version": "10.0.0"
}, },
"license": { "license": {
"name": "Splunk Software License Agreement", "name": "Splunk Software License Agreement",
@ -45,9 +45,9 @@
"releaseNotes": { "releaseNotes": {
"name": "README", "name": "README",
"text": "./README.txt", "text": "./README.txt",
"uri": "https://git.erdelynet.com/mike/TA-unix/docs/ReleaseNotes.md" "uri": "https://docs.splunk.com/Documentation/AddOns/released/UnixLinux/Releasenotes"
}, },
"title": "Technical Add-on for Unix and Linux" "title": "Splunk Add-on for Unix and Linux"
}, },
"inputGroups": null, "inputGroups": null,
"platformRequirements": null, "platformRequirements": null,
@ -63,4 +63,4 @@
"_indexers" "_indexers"
], ],
"tasks": null "tasks": null
} }


@ -25,7 +25,7 @@ define([
root.ScriptedInput = root.Entity.extend({ root.ScriptedInput = root.Entity.extend({
path: function () { path: function () {
// Approximate path - accepts reads only // Approximate path - accepts reads only
// ex: data/inputs/script/%2FApplications%2Fsplunk_622light_unix%2Fetc%2Fapps%2FTA-unix%2Fbin%2Fcpu.sh // ex: data/inputs/script/%2FApplications%2Fsplunk_622light_unix%2Fetc%2Fapps%2FSplunk_TA_nix%2Fbin%2Fcpu.sh
return Paths.monitorInputs + '/' + encodeURIComponent(this.name) return Paths.monitorInputs + '/' + encodeURIComponent(this.name)
}, },


@ -9,8 +9,8 @@ require([
'splunkjs/mvc/simplexml/ready!', 'splunkjs/mvc/simplexml/ready!',
'underscore', 'underscore',
'jquery', 'jquery',
'../app/TA-unix/components/js_sdk_extensions/scripted_inputs', '../app/Splunk_TA_nix/components/js_sdk_extensions/scripted_inputs',
'../app/TA-unix/components/js_sdk_extensions/monitor_inputs' '../app/Splunk_TA_nix/components/js_sdk_extensions/monitor_inputs'
], function (mvc, ignored, _, $, sdkx_scripted_inputs, sdkx_monitor_inputs) { ], function (mvc, ignored, _, $, sdkx_scripted_inputs, sdkx_monitor_inputs) {
var ScriptedInputs = sdkx_scripted_inputs.ScriptedInputs var ScriptedInputs = sdkx_scripted_inputs.ScriptedInputs
var MonitorInputs = sdkx_monitor_inputs.MonitorInputs var MonitorInputs = sdkx_monitor_inputs.MonitorInputs
@ -66,11 +66,11 @@ require([
var monitorInputs = {} var monitorInputs = {}
new MonitorInputs(service, { new MonitorInputs(service, {
owner: '-', owner: '-',
app: 'TA-unix', app: 'Splunk_TA_nix',
sharing: 'app' sharing: 'app'
}).fetch(function (err, inputs) { }).fetch(function (err, inputs) {
var inputsList = _.filter(inputs.list(), function (input) { var inputsList = _.filter(inputs.list(), function (input) {
return input.namespace.app === 'TA-unix' return input.namespace.app === 'Splunk_TA_nix'
}) })
_.each(inputsList, function (input) { _.each(inputsList, function (input) {
@ -93,7 +93,7 @@ require([
var scriptedMetricInputs = {} var scriptedMetricInputs = {}
new ScriptedInputs(service, { new ScriptedInputs(service, {
owner: '-', owner: '-',
app: 'TA-unix', app: 'Splunk_TA_nix',
sharing: 'app' sharing: 'app'
}).fetch(function (err, inputs) { }).fetch(function (err, inputs) {
var inputsList = _.filter(inputs.list(), function (input) { var inputsList = _.filter(inputs.list(), function (input) {
@ -101,7 +101,7 @@ require([
.substring(input.name.lastIndexOf('/') + 1) .substring(input.name.lastIndexOf('/') + 1)
.split('_') .split('_')
return ( return (
input.namespace.app === 'TA-unix' && input.namespace.app === 'Splunk_TA_nix' &&
input_name[input_name.length - 1] === 'metric.sh' input_name[input_name.length - 1] === 'metric.sh'
) )
}) })
@ -129,7 +129,7 @@ require([
var scriptedEventInputs = {} var scriptedEventInputs = {}
new ScriptedInputs(service, { new ScriptedInputs(service, {
owner: '-', owner: '-',
app: 'TA-unix', app: 'Splunk_TA_nix',
sharing: 'app' sharing: 'app'
}).fetch(function (err, inputs) { }).fetch(function (err, inputs) {
var inputsList = _.filter(inputs.list(), function (input) { var inputsList = _.filter(inputs.list(), function (input) {
@ -137,7 +137,7 @@ require([
.substring(input.name.lastIndexOf('/') + 1) .substring(input.name.lastIndexOf('/') + 1)
.split('_') .split('_')
return ( return (
input.namespace.app === 'TA-unix' && input.namespace.app === 'Splunk_TA_nix' &&
input_name[input_name.length - 1] !== 'metric.sh' input_name[input_name.length - 1] !== 'metric.sh'
) )
}) })


@ -1,5 +1,4 @@
#!/bin/sh #!/bin/sh
# Copyright (C) 2025 Michael Erdely All Rights Reserved.
# SPDX-FileCopyrightText: 2024 Splunk, Inc. # SPDX-FileCopyrightText: 2024 Splunk, Inc.
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
@ -7,8 +6,6 @@
# shellcheck disable=SC1091 # shellcheck disable=SC1091
. "$(dirname "$0")"/common.sh . "$(dirname "$0")"/common.sh
assertHaveCommand column
HEADER='Name rxPackets_PS txPackets_PS rxKB_PS txKB_PS' HEADER='Name rxPackets_PS txPackets_PS rxKB_PS txKB_PS'
HEADERIZE="BEGIN {print \"$HEADER\"}" HEADERIZE="BEGIN {print \"$HEADER\"}"
PRINTF='{printf "%s %s %s %s %s\n", Name, rxPackets_PS, txPackets_PS, rxKB_PS, txKB_PS}' PRINTF='{printf "%s %s %s %s %s\n", Name, rxPackets_PS, txPackets_PS, rxKB_PS, txKB_PS}'
@ -69,11 +66,11 @@ elif [ "$KERNEL" = "AIX" ] ; then
# shellcheck disable=SC2016 # shellcheck disable=SC2016
FORMAT='{Name=$1; rxPackets_PS=$5; txPackets_PS=$7; rxKB_PS="?"; txKB_PS="?"}' FORMAT='{Name=$1; rxPackets_PS=$5; txPackets_PS=$7; rxKB_PS="?"; txKB_PS="?"}'
elif [ "$KERNEL" = "Darwin" ] ; then elif [ "$KERNEL" = "Darwin" ] ; then
CMD='eval ifconfig -a -u | awk "/^[^ \t]/{i=substr(\$1,1,length(\$1)-1)}/status: active/{print i}" | while read -r int; do netstat -bnI $int -w 1 | head -n3 | sed "s/^/$int/"; done' CMD='sar -n DEV 1 2'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
FILTER='$2~/^(input|packets)$/{next}' FILTER='($0 !~ "Average" || $0 ~ "sar" || $2~/lo[0-9]|IFACE/) {next}'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
FORMAT='{Name=$1; rxPackets_PS=$2; txPackets_PS=$5; rxKB_PS=$4/1024; txKB_PS=$7/1024}' FORMAT='{Name=$2; rxPackets_PS=$3; txPackets_PS=$5; rxKB_PS=$4/1024; txKB_PS=$6/1024}'
elif [ "$KERNEL" = "HP-UX" ] ; then elif [ "$KERNEL" = "HP-UX" ] ; then
# Sample output: http://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c02263324 # Sample output: http://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c02263324
CMD='netstat -i 1 2' CMD='netstat -i 1 2'
@ -81,10 +78,6 @@ elif [ "$KERNEL" = "HP-UX" ] ; then
FILTER='($0 ~ "Name|sar| lo") {next}' FILTER='($0 ~ "Name|sar| lo") {next}'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
FORMAT='{Name=$1; rxPackets_PS=$5; txPackets_PS=$7; rxKB_PS=?; txKB_PS=?}' FORMAT='{Name=$1; rxPackets_PS=$5; txPackets_PS=$7; rxKB_PS=?; txKB_PS=?}'
elif [ "$KERNEL" = "OpenBSD" ] ; then
CMD='eval ifconfig -a | awk "/UP/ && /RUNNING/ && \$1 != \"lo0:\" {print substr(\$1, 1, length(\$1) - 1)}" | while read -r int; do echo $int $(netstat -bnI $int -w 1 | head -n4 | tail -n1) $(netstat -nI $int -w 1 | head -n 4 | tail -n1 ); done'
# shellcheck disable=SC2016
FORMAT='{Name=$1; rxPackets_PS=$6; txPackets_PS=$8; rxKB_PS=$2/1024; txKB_PS=$2/1024}'
elif [ "$KERNEL" = "FreeBSD" ] ; then elif [ "$KERNEL" = "FreeBSD" ] ; then
CMD='sar -n DEV 1 2' CMD='sar -n DEV 1 2'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
@ -94,6 +87,6 @@ elif [ "$KERNEL" = "FreeBSD" ] ; then
fi fi
assertHaveCommand "$CMD" assertHaveCommand "$CMD"
$CMD | tee "$TEE_DEST" | $AWK "$HEADERIZE $FILTER $FORMAT $PRINTF" header="$HEADER" | column -t $CMD | tee "$TEE_DEST" | $AWK "$HEADERIZE $FILTER $FORMAT $PRINTF" header="$HEADER"
echo "Cmd = [$CMD]; | $AWK '$HEADERIZE $FILTER $FORMAT $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST" echo "Cmd = [$CMD]; | $AWK '$HEADERIZE $FILTER $FORMAT $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST"
# jscpd:ignore-end # jscpd:ignore-end
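Review bot: In the HP-UX branch the awk fragment `rxKB_PS=?; txKB_PS=?` uses a bare `?`, which is not a valid awk expression, so the assembled program would be rejected on that platform and the input would report no interface data. The AIX branch a few lines up quotes the placeholder, and the same form fits here: `FORMAT='{Name=$1; rxPackets_PS=$5; txPackets_PS=$7; rxKB_PS="?"; txKB_PS="?"}'`. The line is unchanged context in this commit, and the if/elif chain it belongs to starts outside the visible hunks.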


@ -71,9 +71,6 @@ case "x$KERNEL" in
;; ;;
"xFreeBSD") "xFreeBSD")
;; ;;
"xOpenBSD")
AWK=gawk
;;
"xAIX") "xAIX")
;; ;;
"xHP-UX") "xHP-UX")


@ -5,8 +5,6 @@
# shellcheck disable=SC1091 # shellcheck disable=SC1091
. "$(dirname "$0")"/common.sh . "$(dirname "$0")"/common.sh
assertHaveCommand column
HEADER='Datetime CPU pctUser pctNice pctSystem pctIowait pctIdle' HEADER='Datetime CPU pctUser pctNice pctSystem pctIowait pctIdle'
HEADERIZE="BEGIN {print \"$HEADER\"}" HEADERIZE="BEGIN {print \"$HEADER\"}"
PRINTF='{printf "%-28s %-3s %9s %9s %9s %9s %9s\n", datetime, cpu, pctUser, pctNice, pctSystem, pctIowait, pctIdle}' PRINTF='{printf "%-28s %-3s %9s %9s %9s %9s %9s\n", datetime, cpu, pctUser, pctNice, pctSystem, pctIowait, pctIdle}'
@ -38,7 +36,7 @@ if [ "$KERNEL" = "Linux" ] ; then
printf "%-28s %-3s %9s %9s %9s %9s %9s\n", datetime, cpu, pctUser, pctNice, pctSystem, pctIowait, pctIdle; printf "%-28s %-3s %9s %9s %9s %9s %9s\n", datetime, cpu, pctUser, pctNice, pctSystem, pctIowait, pctIdle;
} }
}' }'
$CMD | tee "$TEE_DEST" | $AWK "$FILTER $FORMAT $PRINTF" header="$HEADER" | column -t $CMD | tee "$TEE_DEST" | $AWK "$FILTER $FORMAT $PRINTF" header="$HEADER"
echo "Cmd = [$CMD]; | $AWK '$FILTER $FORMAT $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST" echo "Cmd = [$CMD]; | $AWK '$FILTER $FORMAT $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST"
exit exit
elif [ "$KERNEL" = "SunOS" ] ; then elif [ "$KERNEL" = "SunOS" ] ; then
@ -161,7 +159,7 @@ elif [ "$KERNEL" = "AIX" ] ; then
print ""; print "";
}' }'
fi fi
$CMD | tee "$TEE_DEST" | $AWK $DEFINE "$FORMAT" | column -t $CMD | tee "$TEE_DEST" | $AWK $DEFINE "$FORMAT"
echo "Cmd = [$CMD]; | $AWK $DEFINE '$FORMAT'" >> "$TEE_DEST" echo "Cmd = [$CMD]; | $AWK $DEFINE '$FORMAT'" >> "$TEE_DEST"
exit exit
elif [ "$KERNEL" = "Darwin" ] ; then elif [ "$KERNEL" = "Darwin" ] ; then
@ -200,29 +198,9 @@ elif [ "$KERNEL" = "Darwin" ] ; then
printf "%-28s %-3s %9s %9s %9s \n", datetime, cpu, pctUser, pctSystem, pctIdle; printf "%-28s %-3s %9s %9s %9s \n", datetime, cpu, pctUser, pctSystem, pctIdle;
}' }'
$CMD | tee "$TEE_DEST" | $AWK "$FILTER $FORMAT $PRINTF" header="$HEADER" | column -t $CMD | tee "$TEE_DEST" | $AWK "$FILTER $FORMAT $PRINTF" header="$HEADER"
echo "Cmd = [$CMD]; | $AWK '$FILTER $FORMAT $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST" echo "Cmd = [$CMD]; | $AWK '$FILTER $FORMAT $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST"
exit exit
elif [ "$KERNEL" = "OpenBSD" ] ; then
formatted_date=$(date +"%m/%d/%y_%H:%M:%S_%Z")
CMD='eval top -1 -b; top -b'
assertHaveCommand "$CMD"
# shellcheck disable=SC2016
FILTER='($0 !~ "^([0-9]+[\t ]+)?CPU"){next;}'
# shellcheck disable=SC2016
FORMAT='{
if ($1 ~ /^[0-9]+$/)
cpu="all";
else if ($1 ~ /^CPU[0-9]+$/)
cpu=substr($1,4);
else cpu=0;
datetime="'"$formatted_date"'";
pctUser=substr($3,1,length($3)-1);
pctNice=substr($5,1,length($5)-1);
pctSystem=substr($7,1,length($7)-1);
pctIowait=substr($11,1,length($11)-1);
pctIdle=substr($13,1,length($13)-1);
}'
elif [ "$KERNEL" = "FreeBSD" ] ; then elif [ "$KERNEL" = "FreeBSD" ] ; then
formatted_date=$(date +"%m/%d/%y_%H:%M:%S_%Z") formatted_date=$(date +"%m/%d/%y_%H:%M:%S_%Z")
CMD='eval top -P -d2 c; top -d2 c' CMD='eval top -P -d2 c; top -d2 c'
@ -253,5 +231,5 @@ elif [ "$KERNEL" = "FreeBSD" ] ; then
}' }'
fi fi
$CMD | tee "$TEE_DEST" | $AWK "$HEADERIZE $FILTER $FORMAT $PRINTF" header="$HEADER" | column -t $CMD | tee "$TEE_DEST" | $AWK "$HEADERIZE $FILTER $FORMAT $PRINTF" header="$HEADER"
echo "Cmd = [$CMD]; | $AWK '$HEADERIZE $FILTER $FORMAT $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST" echo "Cmd = [$CMD]; | $AWK '$HEADERIZE $FILTER $FORMAT $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST"


@ -1,13 +1,10 @@
#!/bin/sh #!/bin/sh
# Copyright (C) 2025 Michael Erdely All Rights Reserved.
# SPDX-FileCopyrightText: 2024 Splunk, Inc. # SPDX-FileCopyrightText: 2024 Splunk, Inc.
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# shellcheck disable=SC1091 # shellcheck disable=SC1091
. "$(dirname "$0")"/common.sh . "$(dirname "$0")"/common.sh
assertHaveCommand column
HEADER='Datetime pctUser pctNice pctSystem pctIowait pctIdle OSName OS_version IP_address CPU' HEADER='Datetime pctUser pctNice pctSystem pctIowait pctIdle OSName OS_version IP_address CPU'
HEADERIZE="BEGIN {print \"$HEADER\"}" HEADERIZE="BEGIN {print \"$HEADER\"}"
PRINTF='{printf "%-28s %9s %9s %9s %9s %9s %-35s %15s %-16s %-3s\n", datetime, pctUser, pctNice, pctSystem, pctIowait, pctIdle, OSName, OS_version, IP_address,cpu}' PRINTF='{printf "%-28s %9s %9s %9s %9s %9s %-35s %15s %-16s %-3s\n", datetime, pctUser, pctNice, pctSystem, pctIowait, pctIdle, OSName, OS_version, IP_address,cpu}'
@ -19,9 +16,9 @@ if [ "$KERNEL" = "Linux" ] ; then
queryHaveCommand mpstat queryHaveCommand mpstat
FOUND_MPSTAT=$? FOUND_MPSTAT=$?
if [ ! -f "/etc/os-release" ] ; then if [ ! -f "/etc/os-release" ] ; then
DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(ip -4 route show default | awk '{print $9}')" DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(hostname -I | cut -d\ -f1)"
else else
DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep -E '\b(VERSION|BUILD)_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(ip -4 route show default | awk '{print $9}')" DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep '\bVERSION_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(hostname -I | cut -d\ -f1)"
fi fi
if [ $FOUND_SAR -eq 0 ] ; then if [ $FOUND_SAR -eq 0 ] ; then
CMD='sar -P ALL 2 5' CMD='sar -P ALL 2 5'
@ -154,7 +151,7 @@ elif [ "$KERNEL" = "AIX" ] ; then
print ""; print "";
}' }'
fi fi
$CMD | tee "$TEE_DEST" | $AWK $DEFINE $DEFINE_LPARSTAT_FIELDS "$FORMAT $FILL_DIMENSIONS" | column -t $CMD | tee "$TEE_DEST" | $AWK $DEFINE $DEFINE_LPARSTAT_FIELDS "$FORMAT $FILL_DIMENSIONS"
echo "Cmd = [$CMD]; | $AWK $DEFINE $DEFINE_LPARSTAT_FIELDS '$FORMAT $FILL_DIMENSIONS'" >>"$TEE_DEST" echo "Cmd = [$CMD]; | $AWK $DEFINE $DEFINE_LPARSTAT_FIELDS '$FORMAT $FILL_DIMENSIONS'" >>"$TEE_DEST"
exit exit
elif [ "$KERNEL" = "Darwin" ] ; then elif [ "$KERNEL" = "Darwin" ] ; then
@ -193,28 +190,6 @@ elif [ "$KERNEL" = "Darwin" ] ; then
OS_version=OS_version; OS_version=OS_version;
IP_address=IP_address; IP_address=IP_address;
}' }'
elif [ "$KERNEL" = "OpenBSD" ] ; then
formatted_date=$(date +"%m/%d/%y_%H:%M:%S_%Z")
CMD='eval top -1 -b; top -b'
assertHaveCommand "$CMD"
# shellcheck disable=SC2016
FILTER='($0 !~ "^([0-9]+[\t ]+)?CPU"){next;}'
# shellcheck disable=SC2016
DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1)"
# shellcheck disable=SC2016
FORMAT='{
if ($1 ~ /^[0-9]+$/)
cpu="all";
else if ($1 ~ /^CPU[0-9]+$/)
cpu=substr($1,4);
else cpu=0;
datetime="'"$formatted_date"'";
pctUser=substr($3,1,length($3)-1);
pctNice=substr($5,1,length($5)-1);
pctSystem=substr($7,1,length($7)-1);
pctIowait=substr($11,1,length($11)-1);
pctIdle=substr($13,1,length($13)-1);
}'
elif [ "$KERNEL" = "FreeBSD" ] ; then elif [ "$KERNEL" = "FreeBSD" ] ; then
formatted_date=$(date +"%m/%d/%y_%H:%M:%S_%Z") formatted_date=$(date +"%m/%d/%y_%H:%M:%S_%Z")
CMD='eval top -P -d2 c; top -d2 c' CMD='eval top -P -d2 c; top -d2 c'
@ -250,5 +225,5 @@ elif [ "$KERNEL" = "FreeBSD" ] ; then
}' }'
fi fi
# shellcheck disable=SC2086 # shellcheck disable=SC2086
$CMD | tee "$TEE_DEST" | $AWK $DEFINE "$HEADERIZE $FILTER $FORMAT $FILL_DIMENSIONS $PRINTF" header="$HEADER" | column -t $CMD | tee "$TEE_DEST" | $AWK $DEFINE "$HEADERIZE $FILTER $FORMAT $FILL_DIMENSIONS $PRINTF" header="$HEADER"
echo "Cmd = [$CMD]; | $AWK $DEFINE '$HEADERIZE $FILTER $FORMAT $FILL_DIMENSIONS $PRINTF' header=\"$HEADER\"" >>"$TEE_DEST" echo "Cmd = [$CMD]; | $AWK $DEFINE '$HEADERIZE $FILTER $FORMAT $FILL_DIMENSIONS $PRINTF' header=\"$HEADER\"" >>"$TEE_DEST"
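Review bot: The new `DEFINE` strings splice `$(hostname -I | cut ...)` and the `/etc/*release` lookups into one string that is later expanded unquoted as `$AWK $DEFINE ...` (SC2086 is disabled for that line), so any whitespace or glob character in those values shifts awk's argument list and the following word is taken as program text or a file name. `OSName` is passed through `tr ' ' '_'`, but `OS_version` and `IP_address` are not, and a second matching line from `cat /etc/*release` would split the same way. Passing each value as its own quoted argument avoids this, for example `$AWK -v "OSName=$os_name" -v "OS_version=$os_version" -v "IP_address=$ip_addr" "$HEADERIZE $FILTER $FORMAT $FILL_DIMENSIONS $PRINTF" header="$HEADER"` with the three variables assigned beforehand. The later df section that adds `IPv6_Address` builds `DEFINE` the same way in its Linux branch.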


@ -1,13 +1,10 @@
#!/bin/sh #!/bin/sh
# Copyright (C) 2025 Michael Erdely All Rights Reserved.
# SPDX-FileCopyrightText: 2024 Splunk, Inc. # SPDX-FileCopyrightText: 2024 Splunk, Inc.
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# shellcheck disable=SC1091 # shellcheck disable=SC1091
. "$(dirname "$0")"/common.sh . "$(dirname "$0")"/common.sh
assertHaveCommand column
# jscpd:ignore-start # jscpd:ignore-start
if [ "$KERNEL" = "Linux" ] ; then if [ "$KERNEL" = "Linux" ] ; then
assertHaveCommand df assertHaveCommand df
@ -15,9 +12,7 @@ if [ "$KERNEL" = "Linux" ] ; then
# shellcheck disable=SC2016 # shellcheck disable=SC2016
BEGIN='BEGIN { OFS = "\t" }' BEGIN='BEGIN { OFS = "\t" }'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
FILTER_PRE='$2=="btrfs"&&btrfs[$1]==1{next}$2=="btrfs"{btrfs[$1]=1}' FILTER_POST='/(devtmpfs|tmpfs)/ {next}'
# shellcheck disable=SC2016
FILTER_POST='/(devtmpfs|tmpfs|efivars)/ {next}'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
PRINTF=' PRINTF='
{ {
@ -219,43 +214,50 @@ elif [ "$KERNEL" = "Darwin" ] ; then
#Maps fsType #Maps fsType
# shellcheck disable=SC2016 # shellcheck disable=SC2016
MAP_FS_TO_TYPE='/ on / { MAP_FS_TO_TYPE='/ on / {
for (i = 1; i <= NF; i++) { for(i=1;i<=NF;i++){
if ($i == "on" && $(i + 1) ~ /^\/.*/) if($i=="on" && $(i+1) ~ /^\/.*/)
{
key=$(i+1); key=$(i+1);
}
if($i ~ /^\(/) if($i ~ /^\(/)
value = substr($i, 2, length($i) - 2); value=substr($i,2,length($i)-2);
} }
fsTypes[key] = value; fsTypes[key]=value;
}'
PRINTF='/^Filesystem/ {
printf "Filesystem\tType\tSize\tUsed\tAvail\tUse%%\tInodes\tIUsed\tIFree\tIUse%%\tMountedOn\n";
}
$0 !~ /^Filesystem/ && $0 !~ / on / {
printf "%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n", $1, fsTypes[$NF], $2, $3, $4, $5, $6+$7, $6, $7, $8, $9;
}'
elif [ "$KERNEL" = "OpenBSD" ] ; then
assertHaveCommand mount
assertHaveCommand df
CMD='eval mount -t nodevfs,nonfs,noswap,nocd9660; df -ih -t nodevfs,nonfs,noswap,nocd9660'
# shellcheck disable=SC2016
BEGIN='BEGIN { OFS = "\t" }'
#Maps fsType
# shellcheck disable=SC2016
MAP_FS_TO_TYPE='/ on / {
for (i = 1; i <= NF; i++){
if ($i == "on" && $(i + 1) ~ /^\/.*/)
key = $(i + 1);
}
fsTypes[key] = $5;
}' }'
# Append Type and Inode headers to the main header and print respective fields from values stored in MAP_FS_TO_TYPE variables # Append Type and Inode headers to the main header and print respective fields from values stored in MAP_FS_TO_TYPE variables
# shellcheck disable=SC2016 # shellcheck disable=SC2016
PRINTF='/^Filesystem/ { PRINTF='
print "Filesystem\tType\tSize\tUsed\tAvail\tUse%\tInodes\tIUsed\tIFree\tIUse%\tMountedOn"; {
if($0 ~ /^Filesystem.*/){
sub("%iused","IUsePct",$0);
for(i=1;i<=NF;i++){
if($i=="iused") iusedCol=i;
if($i=="ifree") ifreeCol=i;
if($i=="Mounted" && $(i+1)=="on"){
mountedCol=i;
sub("Mounted on","MountedOn",$0);
}
}
$(NF+1)="Type";
$(NF+1)="INodes";
print $0;
}
} }
$0 !~ /^Filesystem/ && $0 !~ / on / { {
printf "%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n", $1, fsTypes[$NF], $2, $3, $4, $5, $6+$7, $6, $7, $8, $9; for(i=1;i<=NF;i++)
{
if($i ~ /^\/dev\/.*s[0-9]+$/){
sub("^/dev/", "", $i);
sub("s[0-9]+$", "", $i);
}
if($i ~ /^\/\S*/ && i==mountedCol){
$(NF+1)=fsTypes[$mountedCol];
$(NF+1)=$iusedCol+$ifreeCol;
print $0;
}
}
}' }'
elif [ "$KERNEL" = "FreeBSD" ] ; then elif [ "$KERNEL" = "FreeBSD" ] ; then
@ -312,5 +314,5 @@ elif [ "$KERNEL" = "FreeBSD" ] ; then
fi fi
# jscpd:ignore-end # jscpd:ignore-end
$CMD | tee "$TEE_DEST" | $AWK "$BEGIN $HEADERIZE $FILTER_PRE $MAP_FS_TO_TYPE $FORMAT $FILTER_POST $NORMALIZE $PRINTF" header="$HEADER" | column -t $CMD | tee "$TEE_DEST" | $AWK "$BEGIN $HEADERIZE $FILTER_PRE $MAP_FS_TO_TYPE $FORMAT $FILTER_POST $NORMALIZE $PRINTF" header="$HEADER"
echo "Cmd = [$CMD]; | $AWK '$BEGIN $HEADERIZE $FILTER_PRE $MAP_FS_TO_TYPE $FORMAT $FILTER_POST $NORMALIZE $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST" echo "Cmd = [$CMD]; | $AWK '$BEGIN $HEADERIZE $FILTER_PRE $MAP_FS_TO_TYPE $FORMAT $FILTER_POST $NORMALIZE $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST"
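Review bot: The new Linux `FILTER_POST='/(devtmpfs|tmpfs)/ {next}'` is matched against the whole record, so a real filesystem whose device name or mount point merely contains `tmpfs` is dropped from the output along with the pseudo filesystems, leaving it unmonitored. Anchoring the test to the type column would limit it to what is intended, e.g. `FILTER_POST='$2 ~ /^(devtmpfs|tmpfs)$/ {next}'`, assuming the type is the second field of this script's df output (the `CMD` line is outside the hunk). The same pattern is set in the Linux branch of the following df section, where `--output=source,fstype,...` confirms the column.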


@ -1,13 +1,10 @@
#!/bin/sh #!/bin/sh
# Copyright (C) 2025 Michael Erdely All Rights Reserved.
# SPDX-FileCopyrightText: 2024 Splunk, Inc. # SPDX-FileCopyrightText: 2024 Splunk, Inc.
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# shellcheck disable=SC1091 # shellcheck disable=SC1091
. "$(dirname "$0")"/common.sh . "$(dirname "$0")"/common.sh
assertHaveCommand column
# shellcheck disable=SC2016 # shellcheck disable=SC2016
FILL_DIMENSIONS='{length(IP_address) || IP_address = "?";length(OS_version) || OS_version = "?";length(OSName) || OSName = "?";length(IPv6_Address) || IPv6_Address = "?"}' FILL_DIMENSIONS='{length(IP_address) || IP_address = "?";length(OS_version) || OS_version = "?";length(OSName) || OSName = "?";length(IPv6_Address) || IPv6_Address = "?"}'
@ -16,16 +13,14 @@ if [ "$KERNEL" = "Linux" ] ; then
assertHaveCommand df assertHaveCommand df
CMD='df -k --output=source,fstype,size,used,avail,pcent,itotal,iused,iavail,ipcent,target' CMD='df -k --output=source,fstype,size,used,avail,pcent,itotal,iused,iavail,ipcent,target'
if [ ! -f "/etc/os-release" ] ; then if [ ! -f "/etc/os-release" ] ; then
DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(ip -4 route show default | awk '{print $9}') -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)" DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(hostname -I | cut -d\ -f1) -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)"
else else
DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep -E '\b(VERSION|BUILD)_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(ip -4 route show default | awk '{print $9}') -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)" DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep '\bVERSION_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(hostname -I | cut -d\ -f1) -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)"
fi fi
BEGIN='BEGIN { OFS = "\t" }' BEGIN='BEGIN { OFS = "\t" }'
FORMAT='{OSName=OSName;OS_version=OS_version;IP_address=IP_address;IPv6_Address=IPv6_Address}' FORMAT='{OSName=OSName;OS_version=OS_version;IP_address=IP_address;IPv6_Address=IPv6_Address}'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
FILTER_PRE='$2=="btrfs"&&btrfs[$1]==1{next}$2=="btrfs"{btrfs[$1]=1}' FILTER_POST='/(devtmpfs|tmpfs)/ {next}'
# shellcheck disable=SC2016
FILTER_POST='/(devtmpfs|tmpfs|efivars)/ {next}'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
PRINTF=' PRINTF='
function rem_pcent(val) function rem_pcent(val)
@ -34,19 +29,20 @@ if [ "$KERNEL" = "Linux" ] ; then
{val=substr(val, 1, length(val)-1); return val} {val=substr(val, 1, length(val)-1); return val}
} }
{ {
if ($0 ~ /^Filesystem.*/) { if($0 ~ /^Filesystem.*/){
sub("Mounted on","MountedOn",$0); sub("Mounted on","MountedOn",$0);
$(NF+1)="OSName"; $(NF+1)="OSName";
$(NF+1)="OS_version"; $(NF+1)="OS_version";
$(NF+1)="IP_address"; $(NF+1)="IP_address";
$(NF+1)="IPv6_Address"; $(NF+1)="IPv6_Address";
print $0; print $0;
} else {
if ($10 == "-") $10 = "0%";
printf "%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n", $1, $2, $3, $4, $5, rem_pcent($6), $7, $8, $9, rem_pcent($10), $11, OSName, OS_version, IP_address, IPv6_Address;
} }
match($0,/^(.*[^ ]) +([^ ]+) +([^ ]+) +([^ ]+) +([^ ]+) +([^ ]+) +([^ ]+) +([^ ]+) +([^ ]+) +([^ ]+%|-) +(.*)$/,a);
if (length(a) != 0)
{ printf "%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n", a[1], a[2], a[3], a[4], a[5], rem_pcent(a[6]), a[7], a[8], a[9], rem_pcent(a[10]), a[11], OSName, OS_version, IP_address, IPv6_Address}
}' }'
elif [ "$KERNEL" = "SunOS" ] ; then elif [ "$KERNEL" = "SunOS" ] ; then
@ -237,47 +233,63 @@ elif [ "$KERNEL" = "Darwin" ] ; then
#Maps fsType #Maps fsType
# shellcheck disable=SC2016 # shellcheck disable=SC2016
MAP_FS_TO_TYPE='/ on / { MAP_FS_TO_TYPE='/ on / {
for (i = 1; i <= NF; i++) { for(i=1;i<=NF;i++){
if ($i == "on" && $(i + 1) ~ /^\/.*/) if($i=="on" && $(i+1) ~ /^\/.*/)
{
key=$(i+1); key=$(i+1);
}
if($i ~ /^\(/) if($i ~ /^\(/)
value = substr($i, 2, length($i) - 2); value=substr($i,2,length($i)-2);
} }
fsTypes[key] = value; fsTypes[key]=value;
}' }'
# Append Type and Inode headers to the main header and print respective fields from values stored in MAP_FS_TO_TYPE variables # Append Type and Inode headers to the main header and print respective fields from values stored in MAP_FS_TO_TYPE variables
# shellcheck disable=SC2016 # shellcheck disable=SC2016
PRINTF='/^Filesystem/ { PRINTF='
printf "Filesystem\tType\t1K-blocks\tUsed\tAvail\tUse%%\tInodes\tIUsed\tIFree\tIUse%%\tMountedOn\tOSName\tOS_version\tIP_address\tIPv6_Address\n"; {
} if($0 ~ /^Filesystem.*/){
$0 !~ /^Filesystem/ && $0 !~ / on / { sub("%iused","IUsePct",$0);
printf "%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n", $1, fsTypes[$NF], $2, $3, $4, substr($5, 1, length($5) - 1), $6+$7, $6, $7, substr($8, 1, length($8) - 1), $9, OSName, OS_version, IP_address, IPv6_Address;
}'
elif [ "$KERNEL" = "OpenBSD" ] ; then for(i=1;i<=NF;i++){
assertHaveCommand mount if($i=="iused") iusedCol=i;
assertHaveCommand df if($i=="ifree") ifreeCol=i;
CMD='eval mount -t nodevfs,nonfs,noswap,nocd9660; df -ih -t nodevfs,nonfs,noswap,nocd9660' if($i=="Mounted" && $(i+1)=="on"){
# Filters have been applied to get rid of IPv6 addresses designated for special usage to extract only the global IPv6 address. mountedCol=i;
# shellcheck disable=SC2016 sub("Mounted on","MountedOn",$0);
DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1) -v IPv6_Address=$(ifconfig -a | grep inet6 | grep -v ' ::1 ' | grep -v ' ::1/' | grep -v ' ::1%' | grep -v ' fe80::' | grep -v ' 2002::' | grep -v ' ff00::' | head -n 1 | xargs | cut -d '/' -f 1 | cut -d '%' -f 1 | cut -d ' ' -f 2)" }
BEGIN='BEGIN { OFS = "\t" }' }
#Maps fsType $(NF+1)="Type";
# shellcheck disable=SC2016 $(NF+1)="INodes";
MAP_FS_TO_TYPE='/ on / { $(NF+1)="OSName";
for (i = 1; i <= NF; i++){ $(NF+1)="OS_version";
if ($i == "on" && $(i + 1) ~ /^\/.*/) $(NF+1)="IP_address";
key = $(i + 1); $(NF+1)="IPv6_Address";
print $0;
} }
fsTypes[key] = $5;
}'
# Append Type and Inode headers to the main header and print respective fields from values stored in MAP_FS_TO_TYPE variables
# shellcheck disable=SC2016
PRINTF='/^Filesystem/ {
printf "Filesystem\tType\t1K-blocks\tUsed\tAvail\tUse%%\tInodes\tIUsed\tIFree\tIUse%%\tMountedOn\tOSName\tOS_version\tIP_address\tIPv6_Address\n";
} }
$0 !~ /^Filesystem/ && $0 !~ / on / { {
printf "%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n", $1, fsTypes[$NF], $2, $3, $4, substr($5, 1, length($5) - 1), $6+$7, $6, $7, substr($8, 1, length($8) - 1), $9, OSName, OS_version, IP_address, IPv6_Address; for(i=1;i<=NF;i++)
{
if($i ~ /.*\%$/)
$i=substr($i, 1, length($i)-1);
if($i ~ /^\/dev\/.*s[0-9]+$/){
sub("^/dev/", "", $i);
sub("s[0-9]+$", "", $i);
}
if($i ~ /^\/\S*/ && i==mountedCol){
$(NF+1)=fsTypes[$mountedCol];
$(NF+1)=$iusedCol+$ifreeCol;
$(NF+1)=OSName;
$(NF+1)=OS_version;
$(NF+1)=IP_address;
$(NF+1)=IPv6_Address;
print $0;
}
}
}' }'
elif [ "$KERNEL" = "FreeBSD" ] ; then elif [ "$KERNEL" = "FreeBSD" ] ; then
@ -348,5 +360,5 @@ fi
# jscpd:ignore-end # jscpd:ignore-end
# shellcheck disable=SC2086 # shellcheck disable=SC2086
$CMD | tee "$TEE_DEST" | $AWK $DEFINE "$BEGIN $HEADERIZE $FILTER_PRE $MAP_FS_TO_TYPE $FORMAT $FILTER_POST $NORMALIZE $FILL_DIMENSIONS $PRINTF" header="$HEADER" | column -t $CMD | tee "$TEE_DEST" | $AWK $DEFINE "$BEGIN $HEADERIZE $FILTER_PRE $MAP_FS_TO_TYPE $FORMAT $FILTER_POST $NORMALIZE $FILL_DIMENSIONS $PRINTF" header="$HEADER"
echo "Cmd = [$CMD]; | $AWK $DEFINE '$BEGIN $HEADERIZE $FILTER_PRE $MAP_FS_TO_TYPE $FORMAT $FILTER_POST $NORMALIZE $FILL_DIMENSIONS $PRINTF' header=\"$HEADER\"" >>"$TEE_DEST" echo "Cmd = [$CMD]; | $AWK $DEFINE '$BEGIN $HEADERIZE $FILTER_PRE $MAP_FS_TO_TYPE $FORMAT $FILTER_POST $NORMALIZE $FILL_DIMENSIONS $PRINTF' header=\"$HEADER\"" >>"$TEE_DEST"
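Review bot: The Linux `PRINTF` now parses each row with the three-argument form `match($0, /.../, a)`, which is a gawk extension; under mawk or BusyBox awk the program does not parse and the input produces no disk metrics. Whether `$AWK` is guaranteed to be gawk on Linux is decided in common.sh, which is not visible here. If it is not, either state and check the requirement next to the fragment, e.g. `# requires gawk: match() with an array argument is a GNU extension`, or split the row on fields so any POSIX awk works. The Darwin fragment's `\S` in `$i ~ /^\/\S*/` is likewise a GNU regex escape and may not behave the same in the stock macOS awk.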


@ -1,116 +0,0 @@
#!/bin/bash
# SPDX-FileCopyrightText: 2022 Michael Erdely <mike@erdelynet.com>
# SPDX-License-Identifier: MIT
# shellcheck disable=SC1091
. "$(dirname "$0")"/common.sh
assertHaveCommand docker
assertHaveCommand bc
assertHaveCommand ip
assertHaveCommand awk
declare -A pids
declare -A time_start
declare -A cpu_start
declare -A rx_start
declare -A tx_start
declare -A br_start
declare -A bw_start
[[ $0 =~ .*_metric.sh ]] && mode=metric
# Either add the splunk user to the docker group or add the following to /etc/sudoers:
# splunk ALL=(root) NOPASSWD: /usr/bin/docker stats --no-stream --no-trunc --all
# splunk ALL=(root) NOPASSWD: /usr/bin/docker ps --all --no-trunc --format *
# splunk ALL=(root) NOPASSWD: /usr/bin/docker inspect -f *
docker_cmd=docker
if [ $(id -u) != 0 ]; then
! groups | grep -q "\bdocker\b" && docker_cmd="sudo -n $docker_cmd"
fi
docker_list=$($docker_cmd ps --all --no-trunc --format '{{ .ID }}')
header_string="ContainerId Name CPUPct MemUsage MemTotal MemPct NetRX RXps NetTX TXps BlockRead BRps BlockWrite BWps Pids"
metric_string=""
header_format="%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n"
string_format="%s\t%s\t%s\t%.2f\t%s\t%s\t%.2f\t%s\t%.2f\t%s\t%.2f\t%s\t%.2f\t%s\t%.2f\t%s\n"
json_format='{ "time": "%s", "ContainerId": "%s", "Name": "%s", "CPUPct": %.2f, "MemUsage": %s, "MemTotal": %s, "MemPct": %.2f, "NetRX": %s, "RXps": %.2f, "NetTX": %s, "TXps": %.2f, "BlockRead": %s, "BRps": %.2f, "BlockWrite": %s, "BWps": %.2f, "Pids": %s }\n'
if [ "$mode" = "metric" ]; then
metric_name=docker_metric
if [ ! -f "/etc/os-release" ] ; then
OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_')
OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1)
IP_address=$(ip addr show dev $(ip route show | awk 'BEGIN{m=1000}$1=="default"$0!~/ metric /{print $5;exit}$1=="default"{if($NF<m){m=$NF;i=$5}}END{print i}') | awk '$1=="inet"{print gensub(/\/[0-9]+/,"","g",$2)}')
else
OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d\= -f2 | tr ' ' '_' | cut -d\" -f2)
OS_version=$(cat /etc/*release | grep '\bVERSION_ID=' | cut -d\= -f2 | cut -d\" -f2)
IP_address=$(ip addr show dev $(ip route show | awk 'BEGIN{m=1000}$1=="default"$0!~/ metric /{print $5;exit}$1=="default"{if($NF<m){m=$NF;i=$5}}END{print i}') | awk '$1=="inet"{print gensub(/\/[0-9]+/,"","g",$2)}')
fi
[ -z "$OSName" ] && OSName="?"
[ $OSName = Arch_Linux ] && OS_version=rolling
[ -z "$OS_version" ] && OS_version="?"
header_string="$header_string OSName OS_version IP_address"
metric_string=" $OSName $OS_version $IP_address"
header_format="${header_format::-2}\t%s\t%s\t%s\n"
string_format="${string_format::-2}\t%s\t%s\t%s\n"
json_format='{ "time": "%s", "ContainerId": "%s", "Name": "%s", "CPUPct": %.2f, "MemUsage": %.2f, "MemTotal": %.2f, "MemPct": %.2f, "NetRX": %.2f, "RXps": %.2f, "NetTX": %.2f, "TXps": %.2f, "BlockRead": %.2f, "BRps": %.2f, "BlockWrite": %.2f, "BWps": %.2f, "Pids": %s, "OSName": "%s", "OS_version": "%s", "IP_address": "%s", "event": "metric" }\n'
fi
# Currently calculates CPU % over time; not right now
for id in $docker_list; do
[ ! -d /sys/fs/cgroup/system.slice/docker-$id.scope ] && continue
pids[$id]=$($docker_cmd inspect -f '{{ .State.Pid }}' $id)
read time_start[$id] _ < /proc/uptime
read _ cpu_start[$id] < /sys/fs/cgroup/system.slice/docker-$id.scope/cpu.stat
while read _if _rx _ _ _ _ _ _ _ _tx _ _ _ _ _ _ _ ; do
[ -z "$_if" ] && continue
[ -z "$_rx" ] && _rx=0
[ -z "$_tx" ] && _tx=0
if=$_if rx_start[$id]=$_rx tx_start[$id]=$_tx
done < /proc/${pids[$id]}/net/dev
br_start[$id]=0;bw_start[$id]=0
while read _ _br _bw _ _ _ _; do
[ -z "$_br" ] && _br=rbytes=0
[ -z "$_bw" ] && _bw=wbytes=0
br_start[$id]=$((${br_start[$id]}+${_br:7}))
bw_start[$id]=$((${bw_start[$id]}+${_bw:7}))
done < /sys/fs/cgroup/system.slice/docker-$id.scope/io.stat
done
sleep 2 # Sleep 2 seconds to give the script time to get CPU stats
MemTotal=$(awk '$1=="MemTotal:" {print $2*1024}' /proc/meminfo)
#printf "$header_format" $header_string
for id in $docker_list; do
name=$($docker_cmd inspect -f '{{ .Name }}' $id)
if [ ! -d /sys/fs/cgroup/system.slice/docker-$id.scope ]; then
printf "$json_format" $id ${name:1} 0 0 0 0 0 0 0 0 0 0 0 0 0$metric_string
continue
fi
read cpu_stop _ < /proc/uptime
read _ proc_stop < /sys/fs/cgroup/system.slice/docker-$id.scope/cpu.stat
while read _if _rx _ _ _ _ _ _ _ _tx _ _ _ _ _ _ _ ; do
[ -z "$_if" ] && continue
[ -z "$_rx" ] && _rx=0
[ -z "$_tx" ] && _tx=0
if=$_if NetRX=$_rx NetTX=$_tx
done < /proc/${pids[$id]}/net/dev
BlockRead=0;BlockWrite=0
while read _ _br _bw _ _ _ _; do
[ -z "$_br" ] && _br=rbytes=0
[ -z "$_bw" ] && _bw=wbytes=0
BlockRead=$((BlockRead+${_br:7}))
BlockWrite=$((BlockWrite+${_bw:7}))
done < /sys/fs/cgroup/system.slice/docker-$id.scope/io.stat
read MemUsage < /sys/fs/cgroup/system.slice/docker-$id.scope/memory.current
read Pids < /sys/fs/cgroup/system.slice/docker-$id.scope/pids.current
read _ CPU < /sys/fs/cgroup/cpu.stat
CpuUsage=$(echo "($proc_stop - ${cpu_start[$id]}) / ($cpu_stop * 1000000 - ${time_start[$id]} * 1000000) * 100" | bc -l)
RXps=$(echo "($NetRX - ${rx_start[$id]}) / ($cpu_stop * 1000000 - ${time_start[$id]} * 1000000) * 100" | bc -l)
TXps=$(echo "($NetTX - ${tx_start[$id]}) / ($cpu_stop * 1000000 - ${time_start[$id]} * 1000000) * 100" | bc -l)
BRps=$(echo "($BlockRead - ${br_start[$id]}) / ($cpu_stop * 1000000 - ${time_start[$id]} * 1000000) * 100" | bc -l)
BWps=$(echo "($BlockWrite - ${bw_start[$id]}) / ($cpu_stop * 1000000 - ${time_start[$id]} * 1000000) * 100" | bc -l)
printf "$json_format" "$(env TZ=UTC date "+%FT%T.%NZ")" $id ${name:1} $CpuUsage $MemUsage $MemTotal $(echo "$MemUsage*100/$MemTotal"|bc -l) $NetRX $RXps $NetTX $TXps $BlockRead $BRps $BlockWrite $BWps $Pids$metric_string
done


@ -1 +0,0 @@
docker.sh


@ -1,5 +1,4 @@
#!/bin/sh #!/bin/sh
# Copyright (C) 2025 Michael Erdely All Rights Reserved.
# SPDX-FileCopyrightText: 2024 Splunk, Inc. # SPDX-FileCopyrightText: 2024 Splunk, Inc.
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
@ -10,14 +9,13 @@ FORMAT='{key = $1; if (NF == 1) {value = "<notAvailable>"} else {value = $2; for
PRINTF='{printf("%-20s %-s\n", key, value)}' PRINTF='{printf("%-20s %-s\n", key, value)}'
if [ "$KERNEL" = "Linux" ] ; then if [ "$KERNEL" = "Linux" ] ; then
TMP_ERROR_FILTER_FILE=$(mktemp) # For filtering out lshw warning from stderr TMP_ERROR_FILTER_FILE=$SPLUNK_HOME/var/run/splunk/unix_hardware_error_tmpfile # For filtering out lshw warning from stderr
queryHaveCommand ip queryHaveCommand ip
FOUND_IP=$? FOUND_IP=$?
# CPUs # CPUs
CPU_TYPE=$(awk -F: '/model name/ {print $2; exit}' /proc/cpuinfo 2>>"$TEE_DEST") CPU_TYPE=$(awk -F: '/model name/ {print $2; exit}' /proc/cpuinfo 2>>"$TEE_DEST")
CPU_CACHE=$(awk -F: '/cache size/ {print $2; exit}' /proc/cpuinfo 2>>"$TEE_DEST") CPU_CACHE=$(awk -F: '/cache size/ {print $2; exit}' /proc/cpuinfo 2>>"$TEE_DEST")
CPU_COUNT=$(grep -c processor /proc/cpuinfo 2>>"$TEE_DEST") CPU_COUNT=$(grep -c processor /proc/cpuinfo 2>>"$TEE_DEST")
[ -z "$CPU_TYPE" ] && [ -r /proc/device-tree/compatible ] && CPU_TYPE=$(cat /proc/device-tree/compatible | tr '\0' ',')
# HDs # HDs
# shellcheck disable=SC2010 # shellcheck disable=SC2010
for deviceBasename in $(ls /sys/block | grep -E -v '^(dm|md|ram|sr|loop)') for deviceBasename in $(ls /sys/block | grep -E -v '^(dm|md|ram|sr|loop)')
@ -189,29 +187,6 @@ elif [ "$KERNEL" = "HP-UX" ] ; then
OUTPUT=$(swapinfo -tm) OUTPUT=$(swapinfo -tm)
MEMORY_REAL=$(echo "$OUTPUT" | awk '$1=="memory" {print $2 " MB"; exit}') MEMORY_REAL=$(echo "$OUTPUT" | awk '$1=="memory" {print $2 " MB"; exit}')
MEMORY_SWAP=$(echo "$OUTPUT" | awk '$1=="dev" {print $2 " MB"; exit}') MEMORY_SWAP=$(echo "$OUTPUT" | awk '$1=="dev" {print $2 " MB"; exit}')
elif [ "$KERNEL" = "OpenBSD" ] ; then
assertHaveCommand sysctl
assertHaveCommand df
assertHaveCommand ifconfig
assertHaveCommand dmesg
assertHaveCommand top
# CPUs
CPU_TYPE=$(sysctl -n hw.model)
CPU_CACHE=
CPU_COUNT=$(sysctl -n hw.ncpu)
# HDs
HARD_DRIVES=$(df -h | awk '/^\/dev/ {sub("^.*\134/", "", $1); drives[$1] = $2} END {for(d in drives) printf("%s: %s; ", d, drives[d])}')
# NICs
IFACE_NAME=$(ifconfig -a | awk '/^[a-z0-9]+: / {sub(":", "", $1); iface=$1} /media: / {print iface}')
for NIC in $IFACE_NAME; do
NIC=$(echo $NIC | sed -E 's/[0-9]+$//')
NIC_TYPE="$NIC_TYPE,$(whatis $NIC | sed -E 's/^.* - //')"
done
NIC_TYPE=${NIC_TYPE#,}
NIC_COUNT=$(echo $IFACE_NAME | wc -w)
# memory
MEMORY_REAL=$(sysctl -n hw.physmem)
MEMORY_SWAP=$(systat -b swap | gawk '/^DISK/{p=1;next}p==1{swap+=$2}END{print int(swap/2)}')
elif [ "$KERNEL" = "FreeBSD" ] ; then elif [ "$KERNEL" = "FreeBSD" ] ; then
assertHaveCommand sysctl assertHaveCommand sysctl
assertHaveCommand df assertHaveCommand df
@ -219,9 +194,9 @@ elif [ "$KERNEL" = "FreeBSD" ] ; then
assertHaveCommand dmesg assertHaveCommand dmesg
assertHaveCommand top assertHaveCommand top
# CPUs # CPUs
CPU_TYPE=$(sysctl -n hw.model) CPU_TYPE=$(sysctl hw.model | sed 's/^.*: //')
CPU_CACHE= CPU_CACHE=
CPU_COUNT=$(sysctl -n hw.ncpu) CPU_COUNT=$(sysctl hw.ncpu | sed 's/^.*: //')
# HDs # HDs
HARD_DRIVES=$(df -h | awk '/^\/dev/ {sub("^.*\134/", "", $1); drives[$1] = $2} END {for(d in drives) printf("%s: %s; ", d, drives[d])}') HARD_DRIVES=$(df -h | awk '/^\/dev/ {sub("^.*\134/", "", $1); drives[$1] = $2} END {for(d in drives) printf("%s: %s; ", d, drives[d])}')
# NICs # NICs
@ -229,7 +204,7 @@ elif [ "$KERNEL" = "FreeBSD" ] ; then
NIC_TYPE=$(dmesg | awk '(index($0, iface) && index($0, " port ")) {sub("^.*<", ""); sub(">.*$", ""); print $0}' iface="$IFACE_NAME" | head -1) NIC_TYPE=$(dmesg | awk '(index($0, iface) && index($0, " port ")) {sub("^.*<", ""); sub(">.*$", ""); print $0}' iface="$IFACE_NAME" | head -1)
NIC_COUNT=$(ifconfig -a | grep -c media) NIC_COUNT=$(ifconfig -a | grep -c media)
# memory # memory
MEMORY_REAL=$(sysctl -n hw.physmem) MEMORY_REAL=$(sysctl hw.physmem | awk '{print $2/(1024*1024) "MB"}')
MEMORY_SWAP=$(top -Sb 0 | awk '/^Swap: / {print $2 "B"}') MEMORY_SWAP=$(top -Sb 0 | awk '/^Swap: / {print $2 "B"}')
fi fi
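Review bot: The new-side assignment `TMP_ERROR_FILTER_FILE=$SPLUNK_HOME/var/run/splunk/unix_hardware_error_tmpfile` in the Linux branch replaces `mktemp` with a fixed, predictable path. Two overlapping runs of the script would then share one file, and if that directory is writable by any account other than the one running the input, a file or symlink pre-created under that name would be written through. The hunk does not show where the file is written or removed, so this is inferred from the assignment alone; the `if [ "$KERNEL" = "Linux" ]` block continues outside the hunk. I would keep a unique name inside the same directory, `TMP_ERROR_FILTER_FILE=$(mktemp "$SPLUNK_HOME/var/run/splunk/unix_hardware_error.XXXXXX")`, and quote `"$TMP_ERROR_FILTER_FILE"` at every use because `$SPLUNK_HOME` may contain spaces.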


@ -6,17 +6,15 @@
# shellcheck disable=SC1091 # shellcheck disable=SC1091
. "$(dirname "$0")"/common.sh . "$(dirname "$0")"/common.sh
#HEADER='Name MAC inetAddr inet6Addr Collisions RXbytes RXerrors TXbytes TXerrors Speed Duplex' HEADER='Name MAC inetAddr inet6Addr Collisions RXbytes RXerrors TXbytes TXerrors Speed Duplex'
HEADER='Name MAC inetAddr inet6Addr Collisions RXbytes RXerrors RXdropped TXbytes TXerrors TXdropped Speed Duplex'
FORMAT='{mac = length(mac) ? mac : "?"; collisions = length(collisions) ? collisions : "?"; RXbytes = length(RXbytes) ? RXbytes : "?"; RXerrors = length(RXerrors) ? RXerrors : "?"; TXbytes = length(TXbytes) ? TXbytes : "?"; TXerrors = length(TXerrors) ? TXerrors : "?"; speed = length(speed) ? speed : "?"; duplex = length(duplex) ? duplex : "?"}' FORMAT='{mac = length(mac) ? mac : "?"; collisions = length(collisions) ? collisions : "?"; RXbytes = length(RXbytes) ? RXbytes : "?"; RXerrors = length(RXerrors) ? RXerrors : "?"; TXbytes = length(TXbytes) ? TXbytes : "?"; TXerrors = length(TXerrors) ? TXerrors : "?"; speed = length(speed) ? speed : "?"; duplex = length(duplex) ? duplex : "?"}'
#PRINTF='END {printf "%-10s %-17s %-15s %-42s %-10s %-16s %-16s %-16s %-16s %-12s %-12s\n", name, mac, IPv4, IPv6, collisions, RXbytes, RXerrors, TXbytes, TXerrors, speed, duplex}' PRINTF='END {printf "%-10s %-17s %-15s %-42s %-10s %-16s %-16s %-16s %-16s %-12s %-12s\n", name, mac, IPv4, IPv6, collisions, RXbytes, RXerrors, TXbytes, TXerrors, speed, duplex}'
PRINTF='END {printf "%-10s %-17s %-15s %-42s %-10s %-16s %-16s %-18s %-16s %-16s %-18s %-12s %-12s\n", name, mac, IPv4, IPv6, collisions, RXbytes, RXerrors, (RXdropped == "") ? 0 : RXdropped, TXbytes, TXerrors, (TXdropped == "") ? 0 : TXdropped, speed, duplex}'
if [ "$KERNEL" = "Linux" ] ; then if [ "$KERNEL" = "Linux" ] ; then
OS_FILE=/etc/os-release OS_FILE=/etc/os-release
#HEADER='Name MAC inetAddr inet6Addr Collisions RXbytes RXerrors RXdropped TXbytes TXerrors TXdropped Speed Duplex' HEADER='Name MAC inetAddr inet6Addr Collisions RXbytes RXerrors RXdropped TXbytes TXerrors TXdropped Speed Duplex'
#PRINTF='END {printf "%-10s %-17s %-15s %-42s %-10s %-16s %-16s %-18s %-16s %-16s %-18s %-12s %-12s\n", name, mac, IPv4, IPv6, collisions, RXbytes, RXerrors, RXdropped, TXbytes, TXerrors, TXdropped, speed, duplex}' PRINTF='END {printf "%-10s %-17s %-15s %-42s %-10s %-16s %-16s %-18s %-16s %-16s %-18s %-12s %-12s\n", name, mac, IPv4, IPv6, collisions, RXbytes, RXerrors, RXdropped, TXbytes, TXerrors, TXdropped, speed, duplex}'
queryHaveCommand ip queryHaveCommand ip
FOUND_IP=$? FOUND_IP=$?
if [ $FOUND_IP -eq 0 ]; then if [ $FOUND_IP -eq 0 ]; then
@ -255,7 +253,7 @@ if [ "$KERNEL" = "Linux" ] ; then
out=$($CMD_LIST_INTERFACES) out=$($CMD_LIST_INTERFACES)
lines=$(echo "$out" | wc -l) lines=$(echo "$out" | wc -l)
if [ "$lines" -gt 0 ]; then if [ "$lines" -gt 0 ]; then
output="$HEADER\n" echo "$HEADER"
fi fi
for iface in $out for iface in $out
do do
@ -324,13 +322,12 @@ if [ "$KERNEL" = "Linux" ] ; then
GET_MAC='{if ($0 ~ /ether /) { mac = $2; } else if ( NR == 1 ) { mac = $5; }}' GET_MAC='{if ($0 ~ /ether /) { mac = $2; } else if ( NR == 1 ) { mac = $5; }}'
fi fi
if [ "$DUPLEX" != 'error' ] && [ "$SPEED" != 'error' ]; then if [ "$DUPLEX" != 'error' ] && [ "$SPEED" != 'error' ]; then
output="$output$($CMD "$iface" | tee -a "$TEE_DEST" | awk "$BEGIN $GET_MAC $GET_ALL $FILL_BLANKS $PRINTF" name="$iface" speed="$SPEED" duplex="$DUPLEX" mac="$MAC")\n" $CMD "$iface" | tee -a "$TEE_DEST" | awk "$BEGIN $GET_MAC $GET_ALL $FILL_BLANKS $PRINTF" name="$iface" speed="$SPEED" duplex="$DUPLEX" mac="$MAC"
echo "Cmd = [$CMD $iface]; | awk '$BEGIN $GET_MAC $GET_ALL $FILL_BLANKS $PRINTF' name=$iface speed=$SPEED duplex=$DUPLEX mac=$MAC" >> "$TEE_DEST" echo "Cmd = [$CMD $iface]; | awk '$BEGIN $GET_MAC $GET_ALL $FILL_BLANKS $PRINTF' name=$iface speed=$SPEED duplex=$DUPLEX mac=$MAC" >> "$TEE_DEST"
else else
echo "ERROR: cat command failed for interface $iface" >> "$TEE_DEST" echo "ERROR: cat command failed for interface $iface" >> "$TEE_DEST"
fi fi
done done
printf "$output" | column -t
elif [ "$KERNEL" = "SunOS" ] ; then elif [ "$KERNEL" = "SunOS" ] ; then
assertHaveCommandGivenPath /usr/sbin/ifconfig assertHaveCommandGivenPath /usr/sbin/ifconfig
@ -349,7 +346,7 @@ elif [ "$KERNEL" = "SunOS" ] ; then
out=$($CMD_LIST_INTERFACES) out=$($CMD_LIST_INTERFACES)
lines=$(echo "$out" | wc -l) lines=$(echo "$out" | wc -l)
if [ "$lines" -gt 0 ]; then if [ "$lines" -gt 0 ]; then
output="$HEADER\n" echo "$HEADER"
fi fi
for iface in $out for iface in $out
do do
@ -361,10 +358,9 @@ elif [ "$KERNEL" = "SunOS" ] ; then
else else
CMD_DESCRIBE_INTERFACE="eval kstat -n $iface ; /usr/sbin/ifconfig $iface 2>/dev/null" CMD_DESCRIBE_INTERFACE="eval kstat -n $iface ; /usr/sbin/ifconfig $iface 2>/dev/null"
fi fi
output="$output$($CMD_DESCRIBE_INTERFACE | tee -a "$TEE_DEST" | $AWK "$GET_ALL $FORMAT $PRINTF" name="$iface" node="$NODE")\n" $CMD_DESCRIBE_INTERFACE | tee -a "$TEE_DEST" | $AWK "$GET_ALL $FORMAT $PRINTF" name="$iface" node="$NODE"
echo "Cmd = [$CMD_DESCRIBE_INTERFACE]; | $AWK '$GET_ALL $FORMAT $PRINTF' name=$iface node=$NODE" >> "$TEE_DEST" echo "Cmd = [$CMD_DESCRIBE_INTERFACE]; | $AWK '$GET_ALL $FORMAT $PRINTF' name=$iface node=$NODE" >> "$TEE_DEST"
done done
printf "$output" | column -t
elif [ "$KERNEL" = "AIX" ] ; then elif [ "$KERNEL" = "AIX" ] ; then
assertHaveCommandGivenPath /usr/sbin/ifconfig assertHaveCommandGivenPath /usr/sbin/ifconfig
assertHaveCommandGivenPath /usr/bin/netstat assertHaveCommandGivenPath /usr/bin/netstat
@ -382,17 +378,16 @@ elif [ "$KERNEL" = "AIX" ] ; then
out=$($CMD_LIST_INTERFACES) out=$($CMD_LIST_INTERFACES)
lines=$(echo "$out" | wc -l) lines=$(echo "$out" | wc -l)
if [ "$lines" -gt 0 ]; then if [ "$lines" -gt 0 ]; then
output="$HEADER\n" echo "$HEADER"
fi fi
for iface in $out for iface in $out
do do
echo "Cmd = [$CMD_LIST_INTERFACES]" >> "$TEE_DEST" echo "Cmd = [$CMD_LIST_INTERFACES]" >> "$TEE_DEST"
NODE=$(uname -n) NODE=$(uname -n)
CMD_DESCRIBE_INTERFACE="eval netstat -v $iface ; /usr/sbin/ifconfig $iface" CMD_DESCRIBE_INTERFACE="eval netstat -v $iface ; /usr/sbin/ifconfig $iface"
output="$output$($CMD_DESCRIBE_INTERFACE | tee -a "$TEE_DEST" | $AWK "$GET_ALL $FORMAT $PRINTF" name="$iface" node="$NODE")\n" $CMD_DESCRIBE_INTERFACE | tee -a "$TEE_DEST" | $AWK "$GET_ALL $FORMAT $PRINTF" name="$iface" node="$NODE"
echo "Cmd = [$CMD_DESCRIBE_INTERFACE]; | $AWK '$GET_ALL $FORMAT $PRINTF' name=$iface node=$NODE" >> "$TEE_DEST" echo "Cmd = [$CMD_DESCRIBE_INTERFACE]; | $AWK '$GET_ALL $FORMAT $PRINTF' name=$iface node=$NODE" >> "$TEE_DEST"
done done
printf "$output"
elif [ "$KERNEL" = "Darwin" ] ; then elif [ "$KERNEL" = "Darwin" ] ; then
assertHaveCommand ifconfig assertHaveCommand ifconfig
assertHaveCommand netstat assertHaveCommand netstat
@ -442,16 +437,15 @@ elif [ "$KERNEL" = "Darwin" ] ; then
out=$($CMD_LIST_INTERFACES | tee "$TEE_DEST" | awk "$CHOOSE_ACTIVE" | $UNIQUE | tee -a "$TEE_DEST") out=$($CMD_LIST_INTERFACES | tee "$TEE_DEST" | awk "$CHOOSE_ACTIVE" | $UNIQUE | tee -a "$TEE_DEST")
lines=$(echo "$out" | wc -l) lines=$(echo "$out" | wc -l)
if [ "$lines" -gt 0 ]; then if [ "$lines" -gt 0 ]; then
output="$HEADER\n" echo "$HEADER"
fi fi
for iface in $out for iface in $out
do do
echo "Cmd = [$CMD_LIST_INTERFACES]; | awk '$CHOOSE_ACTIVE' | $UNIQUE" >> "$TEE_DEST" echo "Cmd = [$CMD_LIST_INTERFACES]; | awk '$CHOOSE_ACTIVE' | $UNIQUE" >> "$TEE_DEST"
CMD_DESCRIBE_INTERFACE="eval ifconfig $iface ; netstat -b -I $iface" CMD_DESCRIBE_INTERFACE="eval ifconfig $iface ; netstat -b -I $iface"
output="$output$($CMD_DESCRIBE_INTERFACE | tee -a "$TEE_DEST" | awk "$GET_ALL $PRINTF" name="$iface")\n" $CMD_DESCRIBE_INTERFACE | tee -a "$TEE_DEST" | awk "$GET_ALL $PRINTF" name="$iface"
echo "Cmd = [$CMD_DESCRIBE_INTERFACE]; | awk '$GET_ALL $PRINTF' name=$iface" >> "$TEE_DEST" echo "Cmd = [$CMD_DESCRIBE_INTERFACE]; | awk '$GET_ALL $PRINTF' name=$iface" >> "$TEE_DEST"
done done
printf "$output" | column -t
elif [ "$KERNEL" = "HP-UX" ] ; then elif [ "$KERNEL" = "HP-UX" ] ; then
assertHaveCommand ifconfig assertHaveCommand ifconfig
assertHaveCommand lanadmin assertHaveCommand lanadmin
@ -472,30 +466,9 @@ elif [ "$KERNEL" = "HP-UX" ] ; then
out=$($CMD | awk "$LANSCAN_AWK $GET_IP4 $GET_IP6 $GET_SPEED_DUPLEX $PRINTF $FILL_BLANKS") out=$($CMD | awk "$LANSCAN_AWK $GET_IP4 $GET_IP6 $GET_SPEED_DUPLEX $PRINTF $FILL_BLANKS")
lines=$(echo "$out" | wc -l) lines=$(echo "$out" | wc -l)
if [ "$lines" -gt 0 ]; then if [ "$lines" -gt 0 ]; then
printf "$HEADER\n$out\n" echo "$HEADER"
echo "$out"
fi fi
elif [ "$KERNEL" = "OpenBSD" ] ; then
assertHaveCommand ifconfig
assertHaveCommand netstat
CMD_LIST_INTERFACES='ifconfig -a'
# shellcheck disable=SC2016
CHOOSE_ACTIVE='/^[a-z0-9]+: / {sub(":", "", $1); iface=$1} /media: / {print iface}'
UNIQUE='sort -u'
# shellcheck disable=SC2016
GET_MAC='{$1 == "lladdr" && mac = $2}'
# shellcheck disable=SC2016
GET_IP='/ (netmask|prefixlen) / {for (i=1; i<=NF; i++) {if ($i == "inet") IPv4 = $(i+1); if ($i == "inet6") IPv6 = $(i+1)}}'
out=$($CMD_LIST_INTERFACES | tee "$TEE_DEST" | awk "$CHOOSE_ACTIVE" | $UNIQUE | tee -a "$TEE_DEST")
lines=$(echo "$out" | wc -l)
if [ "$lines" -gt 0 ]; then
output="$HEADER\n"
fi
for iface in $out
do
output="$output$iface $(ifconfig $iface | awk "$GET_MAC $GET_IP END {printf \"%s %s %s\", mac, IPv4, IPv6}") $(echo $(netstat -bnI $iface -w1 | head -n4 | tail -n1) $(netstat -neI $iface -w1 | head -n4 | tail -n1) | awk "{printf \"%s %s %s %s %s %s %s\", \$9, \$1, 0, \$6, \$2, \$8, 0}") auto auto\n"
done
printf "$output" | column -t
elif [ "$KERNEL" = "FreeBSD" ] ; then elif [ "$KERNEL" = "FreeBSD" ] ; then
assertHaveCommand ifconfig assertHaveCommand ifconfig
assertHaveCommand netstat assertHaveCommand netstat
@ -542,15 +515,14 @@ elif [ "$KERNEL" = "FreeBSD" ] ; then
out=$($CMD_LIST_INTERFACES | tee "$TEE_DEST" | awk "$CHOOSE_ACTIVE" | $UNIQUE | tee -a "$TEE_DEST") out=$($CMD_LIST_INTERFACES | tee "$TEE_DEST" | awk "$CHOOSE_ACTIVE" | $UNIQUE | tee -a "$TEE_DEST")
lines=$(echo "$out" | wc -l) lines=$(echo "$out" | wc -l)
if [ "$lines" -gt 0 ]; then if [ "$lines" -gt 0 ]; then
output="$HEADER\n" echo "$HEADER"
fi fi
for iface in $out for iface in $out
do do
echo "Cmd = [$CMD_LIST_INTERFACES]; | awk '$CHOOSE_ACTIVE' | $UNIQUE" >> "$TEE_DEST" echo "Cmd = [$CMD_LIST_INTERFACES]; | awk '$CHOOSE_ACTIVE' | $UNIQUE" >> "$TEE_DEST"
CMD_DESCRIBE_INTERFACE="eval ifconfig $iface ; netstat -b -I $iface" CMD_DESCRIBE_INTERFACE="eval ifconfig $iface ; netstat -b -I $iface"
output="$output$($CMD_DESCRIBE_INTERFACE | tee -a "$TEE_DEST" | awk "$GET_ALL $PRINTF" name="$iface")\n" $CMD_DESCRIBE_INTERFACE | tee -a "$TEE_DEST" | awk "$GET_ALL $PRINTF" name="$iface"
echo "Cmd = [$CMD_DESCRIBE_INTERFACE]; | awk '$GET_ALL $PRINTF' name=$iface" >> "$TEE_DEST" echo "Cmd = [$CMD_DESCRIBE_INTERFACE]; | awk '$GET_ALL $PRINTF' name=$iface" >> "$TEE_DEST"
done done
printf "$output" | column -t
fi fi
# jscpd:ignore-end # jscpd:ignore-end
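Review bot: The guard around the new `echo "$HEADER"` never fails, because `lines=$(echo "$out" | wc -l)` is 1 even when `$out` is empty, so the header is printed with no interface rows behind it. Now that the header goes straight to stdout rather than into a buffer, a host with no active interface presumably produces a header-only event. The same guard appears in the Linux, SunOS, AIX, Darwin, HP-UX and FreeBSD branches of this file and in the branches of the file section that follows. Testing the list itself is enough: `if [ -n "$out" ]; then echo "$HEADER"; fi`. Each branch body starts outside the hunks shown.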


@ -1,5 +1,4 @@
#!/bin/sh #!/bin/sh
# Copyright (C) 2025 Michael Erdely All Rights Reserved.
# SPDX-FileCopyrightText: 2024 Splunk, Inc. # SPDX-FileCopyrightText: 2024 Splunk, Inc.
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
@ -7,8 +6,6 @@
# shellcheck disable=SC1091 # shellcheck disable=SC1091
. "$(dirname "$0")"/common.sh . "$(dirname "$0")"/common.sh
assertHaveCommand column
HEADER='Name MAC inetAddr inet6Addr Collisions RXbytes RXerrors TXbytes TXerrors Speed Duplex OSName OS_version IP_address IPv6_Address' HEADER='Name MAC inetAddr inet6Addr Collisions RXbytes RXerrors TXbytes TXerrors Speed Duplex OSName OS_version IP_address IPv6_Address'
FORMAT='{mac = length(mac) ? mac : "?"; collisions = length(collisions) ? collisions : "?"; RXbytes = length(RXbytes) ? RXbytes : "?"; RXerrors = length(RXerrors) ? RXerrors : "?"; TXbytes = length(TXbytes) ? TXbytes : "?"; TXerrors = length(TXerrors) ? TXerrors : "?"; speed = length(speed) ? speed : "?"; duplex = length(duplex) ? duplex : "?"}' FORMAT='{mac = length(mac) ? mac : "?"; collisions = length(collisions) ? collisions : "?"; RXbytes = length(RXbytes) ? RXbytes : "?"; RXerrors = length(RXerrors) ? RXerrors : "?"; TXbytes = length(TXbytes) ? TXbytes : "?"; TXerrors = length(TXerrors) ? TXerrors : "?"; speed = length(speed) ? speed : "?"; duplex = length(duplex) ? duplex : "?"}'
PRINTF='END {printf "%-10s %-17s %-15s %-42s %-10s %-16s %-16s %-16s %-16s %-12s %-12s %-35s %15s %-16s %-42s\n", name, mac, IPv4, IPv6, collisions, RXbytes, RXerrors, TXbytes, TXerrors, speed, duplex, OSName, OS_version, IP_address, IPv6_Address}' PRINTF='END {printf "%-10s %-17s %-15s %-42s %-10s %-16s %-16s %-16s %-16s %-12s %-12s %-35s %15s %-16s %-42s\n", name, mac, IPv4, IPv6, collisions, RXbytes, RXerrors, TXbytes, TXerrors, speed, duplex, OSName, OS_version, IP_address, IPv6_Address}'
@ -21,9 +18,9 @@ if [ "$KERNEL" = "Linux" ] ; then
queryHaveCommand ip queryHaveCommand ip
FOUND_IP=$? FOUND_IP=$?
if [ ! -f "/etc/os-release" ] ; then if [ ! -f "/etc/os-release" ] ; then
DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(ip -4 route show default | awk '{print $9}') -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)" DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(hostname -I | cut -d\ -f1) -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)"
else else
DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep -E '\b(VERSION|BUILD)_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(ip -4 route show default | awk '{print $9}') -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)" DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep '\bVERSION_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(hostname -I | cut -d\ -f1) -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)"
fi fi
if [ $FOUND_IP -eq 0 ]; then if [ $FOUND_IP -eq 0 ]; then
CMD_LIST_INTERFACES="eval ip -s a | tee $TEE_DEST|grep 'state UP' | grep mtu | grep -Ev lo | tee -a $TEE_DEST | cut -d':' -f2 | tee -a $TEE_DEST | cut -d '@' -f 1 | tee -a $TEE_DEST | sort -u | tee -a $TEE_DEST" CMD_LIST_INTERFACES="eval ip -s a | tee $TEE_DEST|grep 'state UP' | grep mtu | grep -Ev lo | tee -a $TEE_DEST | cut -d':' -f2 | tee -a $TEE_DEST | cut -d '@' -f 1 | tee -a $TEE_DEST | sort -u | tee -a $TEE_DEST"
@ -262,7 +259,7 @@ if [ "$KERNEL" = "Linux" ] ; then
out=$($CMD_LIST_INTERFACES) out=$($CMD_LIST_INTERFACES)
lines=$(echo "$out" | wc -l) lines=$(echo "$out" | wc -l)
if [ "$lines" -gt 0 ]; then if [ "$lines" -gt 0 ]; then
output="$HEADER\n" echo "$HEADER"
fi fi
for iface in $out for iface in $out
do do
@ -327,13 +324,12 @@ if [ "$KERNEL" = "Linux" ] ; then
fi fi
if [ "$DUPLEX" != 'error' ] && [ "$SPEED" != 'error' ]; then if [ "$DUPLEX" != 'error' ] && [ "$SPEED" != 'error' ]; then
# shellcheck disable=SC2086 # shellcheck disable=SC2086
output="$output$($CMD "$iface" | tee -a "$TEE_DEST" | awk $DEFINE "$BEGIN $GET_MAC $GET_ALL $FILL_BLANKS $PRINTF" name="$iface" speed="$SPEED" duplex="$DUPLEX" mac="$MAC")\n" $CMD "$iface" | tee -a "$TEE_DEST" | awk $DEFINE "$BEGIN $GET_MAC $GET_ALL $FILL_BLANKS $PRINTF" name="$iface" speed="$SPEED" duplex="$DUPLEX" mac="$MAC"
echo "Cmd = [$CMD $iface]; | awk $DEFINE '$BEGIN $GET_MAC $GET_ALL $FILL_BLANKS $PRINTF' name=$iface speed=$SPEED duplex=$DUPLEX mac=$MAC" >> "$TEE_DEST" echo "Cmd = [$CMD $iface]; | awk $DEFINE '$BEGIN $GET_MAC $GET_ALL $FILL_BLANKS $PRINTF' name=$iface speed=$SPEED duplex=$DUPLEX mac=$MAC" >> "$TEE_DEST"
else else
echo "ERROR: cat command failed for interface $iface" >> "$TEE_DEST" echo "ERROR: cat command failed for interface $iface" >> "$TEE_DEST"
fi fi
done done
printf "$output" | column -t
elif [ "$KERNEL" = "SunOS" ] ; then elif [ "$KERNEL" = "SunOS" ] ; then
assertHaveCommandGivenPath /usr/sbin/ifconfig assertHaveCommandGivenPath /usr/sbin/ifconfig
@ -355,7 +351,7 @@ elif [ "$KERNEL" = "SunOS" ] ; then
out=$($CMD_LIST_INTERFACES) out=$($CMD_LIST_INTERFACES)
lines=$(echo "$out" | wc -l) lines=$(echo "$out" | wc -l)
if [ "$lines" -gt 0 ]; then if [ "$lines" -gt 0 ]; then
output="$HEADER\n" echo "$HEADER"
fi fi
for iface in $out for iface in $out
do do
@ -368,10 +364,9 @@ elif [ "$KERNEL" = "SunOS" ] ; then
CMD_DESCRIBE_INTERFACE="eval kstat -n $iface ; /usr/sbin/ifconfig $iface 2>/dev/null" CMD_DESCRIBE_INTERFACE="eval kstat -n $iface ; /usr/sbin/ifconfig $iface 2>/dev/null"
fi fi
# shellcheck disable=SC2086 # shellcheck disable=SC2086
output="$output$($CMD_DESCRIBE_INTERFACE | tee -a "$TEE_DEST" | $AWK $DEFINE "$GET_ALL $FORMAT $PRINTF" name="$iface" node="$NODE")\n" $CMD_DESCRIBE_INTERFACE | tee -a "$TEE_DEST" | $AWK $DEFINE "$GET_ALL $FORMAT $PRINTF" name="$iface" node="$NODE"
echo "Cmd = [$CMD_DESCRIBE_INTERFACE]; | $AWK $DEFINE '$GET_ALL $FORMAT $PRINTF' name=$iface node=$NODE" >> "$TEE_DEST" echo "Cmd = [$CMD_DESCRIBE_INTERFACE]; | $AWK $DEFINE '$GET_ALL $FORMAT $PRINTF' name=$iface node=$NODE" >> "$TEE_DEST"
done done
printf "$output" | column -t
elif [ "$KERNEL" = "AIX" ] ; then elif [ "$KERNEL" = "AIX" ] ; then
assertHaveCommandGivenPath /usr/sbin/ifconfig assertHaveCommandGivenPath /usr/sbin/ifconfig
assertHaveCommandGivenPath /usr/bin/netstat assertHaveCommandGivenPath /usr/bin/netstat
@ -393,7 +388,7 @@ elif [ "$KERNEL" = "AIX" ] ; then
out=$($CMD_LIST_INTERFACES) out=$($CMD_LIST_INTERFACES)
lines=$(echo "$out" | wc -l) lines=$(echo "$out" | wc -l)
if [ "$lines" -gt 0 ]; then if [ "$lines" -gt 0 ]; then
output="$HEADER\n" echo "$HEADER"
fi fi
for iface in $out for iface in $out
do do
@ -401,10 +396,9 @@ elif [ "$KERNEL" = "AIX" ] ; then
NODE=$(uname -n) NODE=$(uname -n)
CMD_DESCRIBE_INTERFACE="eval netstat -v $iface ; /usr/sbin/ifconfig $iface" CMD_DESCRIBE_INTERFACE="eval netstat -v $iface ; /usr/sbin/ifconfig $iface"
# shellcheck disable=SC2086 # shellcheck disable=SC2086
output="$output$($CMD_DESCRIBE_INTERFACE | tee -a "$TEE_DEST" | $AWK $DEFINE "$GET_ALL $FORMAT $PRINTF" name="$iface" node="$NODE")\n" $CMD_DESCRIBE_INTERFACE | tee -a "$TEE_DEST" | $AWK $DEFINE "$GET_ALL $FORMAT $PRINTF" name="$iface" node="$NODE"
echo "Cmd = [$CMD_DESCRIBE_INTERFACE]; | $AWK $DEFINE '$GET_ALL $FORMAT $PRINTF' name=$iface node=$NODE" >> "$TEE_DEST" echo "Cmd = [$CMD_DESCRIBE_INTERFACE]; | $AWK $DEFINE '$GET_ALL $FORMAT $PRINTF' name=$iface node=$NODE" >> "$TEE_DEST"
done done
printf "$output" | column -t
elif [ "$KERNEL" = "Darwin" ] ; then elif [ "$KERNEL" = "Darwin" ] ; then
assertHaveCommand ifconfig assertHaveCommand ifconfig
assertHaveCommand netstat assertHaveCommand netstat
@ -456,17 +450,16 @@ elif [ "$KERNEL" = "Darwin" ] ; then
out=$($CMD_LIST_INTERFACES | tee "$TEE_DEST" | awk "$CHOOSE_ACTIVE" | $UNIQUE | tee -a "$TEE_DEST") out=$($CMD_LIST_INTERFACES | tee "$TEE_DEST" | awk "$CHOOSE_ACTIVE" | $UNIQUE | tee -a "$TEE_DEST")
lines=$(echo "$out" | wc -l) lines=$(echo "$out" | wc -l)
if [ "$lines" -gt 0 ]; then if [ "$lines" -gt 0 ]; then
output="$HEADER\n" echo "$HEADER"
fi fi
for iface in $out for iface in $out
do do
echo "Cmd = [$CMD_LIST_INTERFACES]; | awk '$CHOOSE_ACTIVE' | $UNIQUE" >> "$TEE_DEST" echo "Cmd = [$CMD_LIST_INTERFACES]; | awk '$CHOOSE_ACTIVE' | $UNIQUE" >> "$TEE_DEST"
CMD_DESCRIBE_INTERFACE="eval ifconfig $iface ; netstat -b -I $iface" CMD_DESCRIBE_INTERFACE="eval ifconfig $iface ; netstat -b -I $iface"
# shellcheck disable=SC2086 # shellcheck disable=SC2086
output="$output$($CMD_DESCRIBE_INTERFACE | tee -a "$TEE_DEST" | awk $DEFINE "$GET_ALL $PRINTF" name="$iface")\n" $CMD_DESCRIBE_INTERFACE | tee -a "$TEE_DEST" | awk $DEFINE "$GET_ALL $PRINTF" name="$iface"
echo "Cmd = [$CMD_DESCRIBE_INTERFACE]; | awk $DEFINE '$GET_ALL $PRINTF' name=$iface" >> "$TEE_DEST" echo "Cmd = [$CMD_DESCRIBE_INTERFACE]; | awk $DEFINE '$GET_ALL $PRINTF' name=$iface" >> "$TEE_DEST"
done done
printf "$output" | column -t
elif [ "$KERNEL" = "HP-UX" ] ; then elif [ "$KERNEL" = "HP-UX" ] ; then
assertHaveCommand ifconfig assertHaveCommand ifconfig
assertHaveCommand lanadmin assertHaveCommand lanadmin
@ -488,33 +481,9 @@ elif [ "$KERNEL" = "HP-UX" ] ; then
out=$($CMD | awk "$LANSCAN_AWK $GET_IP4 $GET_IP6 $GET_SPEED_DUPLEX $PRINTF $FILL_BLANKS") out=$($CMD | awk "$LANSCAN_AWK $GET_IP4 $GET_IP6 $GET_SPEED_DUPLEX $PRINTF $FILL_BLANKS")
lines=$(echo "$out" | wc -l) lines=$(echo "$out" | wc -l)
if [ "$lines" -gt 0 ]; then if [ "$lines" -gt 0 ]; then
printf "$HEADER\n$out\n" | column -t echo "$HEADER"
echo "$out"
fi fi
elif [ "$KERNEL" = "OpenBSD" ] ; then
assertHaveCommand ifconfig
assertHaveCommand netstat
CMD_LIST_INTERFACES='ifconfig -a'
# shellcheck disable=SC2016
CHOOSE_ACTIVE='/^[a-z0-9]+: / {sub(":", "", $1); iface=$1} /media: / {print iface}'
UNIQUE='sort -u'
# shellcheck disable=SC2016
GET_MAC='{$1 == "lladdr" && mac = $2}'
# shellcheck disable=SC2016
GET_IP='/ (netmask|prefixlen) / {for (i=1; i<=NF; i++) {if ($i == "inet") IPv4 = $(i+1); if ($i == "inet6") IPv6 = $(i+1)}}'
out=$($CMD_LIST_INTERFACES | tee "$TEE_DEST" | awk "$CHOOSE_ACTIVE" | $UNIQUE | tee -a "$TEE_DEST")
lines=$(echo "$out" | wc -l)
INT=$(netstat -nr | awk '$1 == "default" {print $NF; exit}')
IP4=$(ifconfig $INT | awk '$1=="inet"{print $2;p=1;exit}END{if (p!=1) print "<n/a>"}')
IP6=$(ifconfig $INT | awk '$1=="inet6" && $2!~/%vio0$/{print $2;p=1;exit}END{if (p!=1) print "<n/a>"}')
if [ "$lines" -gt 0 ]; then
output="$HEADER\n"
fi
for iface in $out
do
output="$output"$iface $(ifconfig $iface | awk "$GET_MAC $GET_IP END {printf \"%s %s %s\", mac, IPv4, IPv6}") $(echo $(netstat -bnI $iface -w1 | head -n4 | tail -n1) $(netstat -neI $iface -w1 | head -n4 | tail -n1) | awk "{printf \"%s %s %s %s %s\", \$9, \$1, \$6, \$2, \$8}") auto auto $(uname -s) $(uname -r) $IP4 $IP6\n"
done
printf "$output" | column -t
elif [ "$KERNEL" = "FreeBSD" ] ; then elif [ "$KERNEL" = "FreeBSD" ] ; then
assertHaveCommand ifconfig assertHaveCommand ifconfig
assertHaveCommand netstat assertHaveCommand netstat
@ -564,16 +533,15 @@ elif [ "$KERNEL" = "FreeBSD" ] ; then
out=$($CMD_LIST_INTERFACES | tee "$TEE_DEST" | awk "$CHOOSE_ACTIVE" | $UNIQUE | tee -a "$TEE_DEST") out=$($CMD_LIST_INTERFACES | tee "$TEE_DEST" | awk "$CHOOSE_ACTIVE" | $UNIQUE | tee -a "$TEE_DEST")
lines=$(echo "$out" | wc -l) lines=$(echo "$out" | wc -l)
if [ "$lines" -gt 0 ]; then if [ "$lines" -gt 0 ]; then
output="$HEADER\n" echo "$HEADER"
fi fi
for iface in $out for iface in $out
do do
echo "Cmd = [$CMD_LIST_INTERFACES]; | awk '$CHOOSE_ACTIVE' | $UNIQUE" >> "$TEE_DEST" echo "Cmd = [$CMD_LIST_INTERFACES]; | awk '$CHOOSE_ACTIVE' | $UNIQUE" >> "$TEE_DEST"
CMD_DESCRIBE_INTERFACE="eval ifconfig $iface ; netstat -b -I $iface" CMD_DESCRIBE_INTERFACE="eval ifconfig $iface ; netstat -b -I $iface"
# shellcheck disable=SC2086 # shellcheck disable=SC2086
output="$output$($CMD_DESCRIBE_INTERFACE | tee -a "$TEE_DEST" | awk $DEFINE "$GET_ALL $PRINTF" name="$iface")\n" $CMD_DESCRIBE_INTERFACE | tee -a "$TEE_DEST" | awk $DEFINE "$GET_ALL $PRINTF" name="$iface"
echo "Cmd = [$CMD_DESCRIBE_INTERFACE]; | awk $DEFINE '$GET_ALL $PRINTF' name=$iface" >> "$TEE_DEST" echo "Cmd = [$CMD_DESCRIBE_INTERFACE]; | awk $DEFINE '$GET_ALL $PRINTF' name=$iface" >> "$TEE_DEST"
done done
printf "$output" | column -t
fi fi
# jscpd:ignore-end # jscpd:ignore-end


@ -7,8 +7,6 @@
# shellcheck disable=SC1091 # shellcheck disable=SC1091
. "$(dirname "$0")"/common.sh . "$(dirname "$0")"/common.sh
assertHaveCommand column
if [ "$KERNEL" = "Linux" ] ; then if [ "$KERNEL" = "Linux" ] ; then
CMD='iostat -xky 1 1' CMD='iostat -xky 1 1'
assertHaveCommand "$CMD" assertHaveCommand "$CMD"
@ -24,12 +22,6 @@ elif [ "$KERNEL" = "AIX" ] ; then
assertHaveCommand "$CMD" assertHaveCommand "$CMD"
# considers the disks, kb_read and kb_wrtn columns and returns output of the second interval # considers the disks, kb_read and kb_wrtn columns and returns output of the second interval
FILTER='/^cd/ {next} /Disks/ && /Kb_read/ && /Kb_wrtn/ {f++;} f==2' FILTER='/^cd/ {next} /Disks/ && /Kb_read/ && /Kb_wrtn/ {f++;} f==2'
elif [ "$KERNEL" = "OpenBSD" ] ; then
CMD='systat -B iostat'
assertHaveCommand "$CMD"
HEADER="Device rB/s wB/s r/s w/s"
HEADERIZE="BEGIN {print \"$HEADER\"}"
FILTER=$HEADERIZE'/^[^ \t]/ && !/^(DEVICE|Totals)/{printf "%-7s %.2f %.2f %d %d\n", $1, $2/1024, $3/1024, $4, $5}'
elif [ "$KERNEL" = "FreeBSD" ] ; then elif [ "$KERNEL" = "FreeBSD" ] ; then
CMD='iostat -x -c 2' CMD='iostat -x -c 2'
assertHaveCommand "$CMD" assertHaveCommand "$CMD"
@ -51,10 +43,10 @@ elif [ "$KERNEL" = "Darwin" ] ; then
LATENCY='function getLatency(disk) {read=getDeltaPS(disk,"Latency Time (Read)"); write=getDeltaPS(disk,"Latency Time (Write)"); return expr read + write;}' LATENCY='function getLatency(disk) {read=getDeltaPS(disk,"Latency Time (Read)"); write=getDeltaPS(disk,"Latency Time (Write)"); return expr read + write;}'
FUNC2='function getAllDeltasPS(disk) {rReq_PS=getDeltaPS(disk,"Operations (Read)"); wReq_PS=getDeltaPS(disk,"Operations (Write)"); rKB_PS=getDeltaPS(disk,"Bytes (Read)")/1024; wKB_PS=getDeltaPS(disk,"Bytes (Write)")/1024; avgWaitMillis=getLatency(disk);}' FUNC2='function getAllDeltasPS(disk) {rReq_PS=getDeltaPS(disk,"Operations (Read)"); wReq_PS=getDeltaPS(disk,"Operations (Write)"); rKB_PS=getDeltaPS(disk,"Bytes (Read)")/1024; wKB_PS=getDeltaPS(disk,"Bytes (Write)")/1024; avgWaitMillis=getLatency(disk);}'
SCRIPT="$HEADERIZE $FILTER $FUNC1 $LATENCY $FUNC2 END {$FORMAT for (device in devices) {getAllDeltasPS(device); $PRINTF}}" SCRIPT="$HEADERIZE $FILTER $FUNC1 $LATENCY $FUNC2 END {$FORMAT for (device in devices) {getAllDeltasPS(device); $PRINTF}}"
$CMD | tee "$TEE_DEST" | awk "$SCRIPT" header="$HEADER" | column -t $CMD | tee "$TEE_DEST" | awk "$SCRIPT" header="$HEADER"
echo "Cmd = [$CMD]; | awk '$SCRIPT' header=\"$HEADER\"" >> "$TEE_DEST" echo "Cmd = [$CMD]; | awk '$SCRIPT' header=\"$HEADER\"" >> "$TEE_DEST"
exit 0 exit 0
fi fi
$CMD | tee "$TEE_DEST" | $AWK "$FILTER" | column -t $CMD | tee "$TEE_DEST" | $AWK "$FILTER"
echo "Cmd = [$CMD]; | $AWK '$FILTER'" >> "$TEE_DEST" echo "Cmd = [$CMD]; | $AWK '$FILTER'" >> "$TEE_DEST"


@ -1,5 +1,4 @@
#!/bin/sh #!/bin/sh
# Copyright (C) 2025 Michael Erdely All Rights Reserved.
# SPDX-FileCopyrightText: 2024 Splunk, Inc. # SPDX-FileCopyrightText: 2024 Splunk, Inc.
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
@ -8,15 +7,13 @@
# shellcheck disable=SC1091 # shellcheck disable=SC1091
. "$(dirname "$0")"/common.sh . "$(dirname "$0")"/common.sh
assertHaveCommand column
if [ "$KERNEL" = "Linux" ] ; then if [ "$KERNEL" = "Linux" ] ; then
CMD='iostat -xky 1 1' CMD='iostat -xky 1 1'
assertHaveCommand "$CMD" assertHaveCommand "$CMD"
if [ ! -f "/etc/os-release" ] ; then if [ ! -f "/etc/os-release" ] ; then
DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(ip -4 route show default | awk '{print $9}')" DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(hostname -I | cut -d\ -f1)"
else else
DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep -E '\b(VERSION|BUILD)_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(ip -4 route show default | awk '{print $9}')" DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep '\bVERSION_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(hostname -I | cut -d\ -f1)"
fi fi
FILTER='/Device/ && /r\/s/ && /w\/s/ {f=1;}f' FILTER='/Device/ && /r\/s/ && /w\/s/ {f=1;}f'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
@ -37,13 +34,6 @@ elif [ "$KERNEL" = "AIX" ] ; then
FILTER='/^cd/ {next} /Disks/ && /Kb_read/ && /Kb_wrtn/ {f++;} f==2' FILTER='/^cd/ {next} /Disks/ && /Kb_read/ && /Kb_wrtn/ {f++;} f==2'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
PRINTF='{if ($0~/Disks/ && /Kb_read/ && /Kb_wrtn/) {printf "%s OSName OS_version IP_address \n", $0} else if (NF!=0) {printf "%s %s %s %s\n", $0, OSName, OS_version/1000, IP_address}}' PRINTF='{if ($0~/Disks/ && /Kb_read/ && /Kb_wrtn/) {printf "%s OSName OS_version IP_address \n", $0} else if (NF!=0) {printf "%s %s %s %s\n", $0, OSName, OS_version/1000, IP_address}}'
elif [ "$KERNEL" = "OpenBSD" ] ; then
CMD='systat -B iostat'
assertHaveCommand "$CMD"
DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig $(netstat -nr | awk '$1 == "default" {print $NF; exit}') | awk '$1=="inet"{print $2;p=1;exit}END{if (p!=1) print "<n/a>"}')"
HEADER="Device rB/s wB/s r/s w/s OSName OS_version IP_address"
HEADERIZE="BEGIN {print \"$HEADER\"}"
FILTER=$HEADERIZE'/^[^ \t]/ && !/^(DEVICE|Totals)/{printf "%-7s %.2f %.2f %d %d %s %s %s\n", $1, $2/1024, $3/1024, $4, $5, OSName, OS_version, IP_address}'
elif [ "$KERNEL" = "FreeBSD" ] ; then elif [ "$KERNEL" = "FreeBSD" ] ; then
CMD='iostat -x -c 2' CMD='iostat -x -c 2'
assertHaveCommand "$CMD" assertHaveCommand "$CMD"
@ -68,10 +58,10 @@ elif [ "$KERNEL" = "Darwin" ] ; then
FUNC2='function getAllDeltasPS(disk) {rReq_PS=getDeltaPS(disk,"Operations (Read)"); wReq_PS=getDeltaPS(disk,"Operations (Write)"); rKB_PS=getDeltaPS(disk,"Bytes (Read)")/1024; wKB_PS=getDeltaPS(disk,"Bytes (Write)")/1024; avgWaitMillis=getLatency(disk);}' FUNC2='function getAllDeltasPS(disk) {rReq_PS=getDeltaPS(disk,"Operations (Read)"); wReq_PS=getDeltaPS(disk,"Operations (Write)"); rKB_PS=getDeltaPS(disk,"Bytes (Read)")/1024; wKB_PS=getDeltaPS(disk,"Bytes (Write)")/1024; avgWaitMillis=getLatency(disk);}'
SCRIPT="$HEADERIZE $FILTER $FUNC1 $LATENCY $FUNC2 END {$FORMAT for (device in devices) {getAllDeltasPS(device); $PRINTF}}" SCRIPT="$HEADERIZE $FILTER $FUNC1 $LATENCY $FUNC2 END {$FORMAT for (device in devices) {getAllDeltasPS(device); $PRINTF}}"
# shellcheck disable=SC2086 # shellcheck disable=SC2086
$CMD | tee "$TEE_DEST" | awk $DEFINE "$SCRIPT" header="$HEADER" | column -t $CMD | tee "$TEE_DEST" | awk $DEFINE "$SCRIPT" header="$HEADER"
echo "Cmd = [$CMD]; | awk $DEFINE '$SCRIPT' header=\"$HEADER\"" >> "$TEE_DEST" echo "Cmd = [$CMD]; | awk $DEFINE '$SCRIPT' header=\"$HEADER\"" >> "$TEE_DEST"
exit 0 exit 0
fi fi
# shellcheck disable=SC2086 # shellcheck disable=SC2086
$CMD | tee "$TEE_DEST" | $AWK $DEFINE "$FILTER $PRINTF" | column -t $CMD | tee "$TEE_DEST" | $AWK $DEFINE "$FILTER $PRINTF"
echo "Cmd = [$CMD]; | $AWK $DEFINE '$FILTER'" >> "$TEE_DEST" echo "Cmd = [$CMD]; | $AWK $DEFINE '$FILTER'" >> "$TEE_DEST"
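Review bot: In the Linux branch the new `IP_address=$(hostname -I | cut -d\ -f1)` goes into `$DEFINE` with no check that it produced a value, and `$DEFINE` is later expanded unquoted as awk arguments. `hostname -I` is not implemented by every Linux `hostname` (BusyBox and inetutils builds, for example, lack it), and the first address it prints is not tied to the default route, so the field may be empty or may name a different interface than the route-based lookup it replaces. Narrowing the grep to `VERSION_ID=` likewise leaves `OS_version` empty on distributions whose os-release has no such key. I would compute each value into a variable first and default it, e.g. `IP_address=$(hostname -I 2>/dev/null | awk '{print $1}')` followed by `: "${IP_address:=unknown}"`, so a missing value is visible in the indexed events instead of silently blank. The same two substitutions recur in the later file section that also builds `IPv6_Address`.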


@ -47,17 +47,6 @@ elif [ "$KERNEL" = "Darwin" ] ; then
latest = (NF >= 10 && ($7 == "gone" || $8 == "gone" || $9 == "gone")) ? $(NF-7) " " $(NF-6) " " $(NF-5) " " $(NF-4) : $(NF-6) " " $(NF-5) " " $(NF-4) " " $(NF-3); latest = (NF >= 10 && ($7 == "gone" || $8 == "gone" || $9 == "gone")) ? $(NF-7) " " $(NF-6) " " $(NF-5) " " $(NF-4) : $(NF-6) " " $(NF-5) " " $(NF-4) " " $(NF-3);
duration = (NF >= 10 && $10 != "still" && $10 != "logged" && $10 != "running" && $10 != "in" && $10 != "" && $10 != "gone" && $10 != "no" && $10 != "logout") ? $10 : "N/A"; duration = (NF >= 10 && $10 != "still" && $10 != "logged" && $10 != "running" && $10 != "in" && $10 != "" && $10 != "gone" && $10 != "no" && $10 != "logout") ? $10 : "N/A";
}' }'
elif [ "$KERNEL" = "OpenBSD" ] ; then
CMD='last'
# shellcheck disable=SC2016
FILTER='{if ($0 == "") exit; if ($1 ~ /reboot|shutdown/ || $1 in users) next; users[$1]=1}'
# shellcheck disable=SC2016
FORMAT='{
username = $1;
from = (NF>=10) ? $3 : "<console>";
latest = (NF >= 10 && ($7 == "gone" || $8 == "gone" || $9 == "gone")) ? $(NF-7) " " $(NF-6) " " $(NF-5) " " $(NF-4) : $(NF-6) " " $(NF-5) " " $(NF-4) " " $(NF-3);
duration = (NF >= 10 && $10 != "still" && $10 != "logged" && $10 != "running" && $10 != "in" && $10 != "" && $10 != "gone" && $10 != "no" && $10 != "logout") ? $10 : "N/A";
}'
elif [ "$KERNEL" = "HP-UX" ] ; then elif [ "$KERNEL" = "HP-UX" ] ; then
CMD='lastb -Rx' CMD='lastb -Rx'
# shellcheck disable=SC2016 # shellcheck disable=SC2016


@ -5,11 +5,6 @@
# shellcheck disable=SC1091 # shellcheck disable=SC1091
. "$(dirname "$0")"/common.sh . "$(dirname "$0")"/common.sh
if [ "$KERNEL" = "OpenBSD" ] ; then
fstat | awk '/^USER/{print "COMMAND PID USER FD MOUNT"} $5 ~ /^\// {print $2, $3, $1, $4, $5} $5 !~ /^\// && !/^USER/ {print $2, $3, $1, $4, $5, $6, $7, $8, $9, $10, $11}'
exit 0
fi
assertHaveCommand lsof assertHaveCommand lsof
CMD='lsof -nPs +c 0' CMD='lsof -nPs +c 0'


@ -39,7 +39,7 @@ elif [ "$KERNEL" = "Darwin" ] ; then
FORMAT='{gsub("[46]", "", $1)}' FORMAT='{gsub("[46]", "", $1)}'
elif [ "$KERNEL" = "HP-UX" ] ; then elif [ "$KERNEL" = "HP-UX" ] ; then
CMD='eval netstat -an | egrep "tcp|udp"' CMD='eval netstat -an | egrep "tcp|udp"'
elif [ "$KERNEL" = "FreeBSD" ] || [ "$KERNEL" = "OpenBSD" ] ; then elif [ "$KERNEL" = "FreeBSD" ] ; then
# shellcheck disable=SC2089 # shellcheck disable=SC2089
CMD='eval netstat -an | egrep "tcp|udp"' CMD='eval netstat -an | egrep "tcp|udp"'
# shellcheck disable=SC2016 # shellcheck disable=SC2016


@ -5,8 +5,6 @@
# shellcheck disable=SC1091 # shellcheck disable=SC1091
. "$(dirname "$0")"/common.sh . "$(dirname "$0")"/common.sh
assertHaveCommand column
HEADER='Mount Path r_op/s w_op/s r_KB/s w_KB/s rpc_backlog r_avg_RTT w_avg_RTT r_avg_exe w_avg_exe' HEADER='Mount Path r_op/s w_op/s r_KB/s w_KB/s rpc_backlog r_avg_RTT w_avg_RTT r_avg_exe w_avg_exe'
HEADERIZE="BEGIN {print \"$HEADER\"}" HEADERIZE="BEGIN {print \"$HEADER\"}"


@ -52,7 +52,7 @@ elif [ "$KERNEL" = "HP-UX" ] ; then
FORMAT='{gsub("[46]", "", $1); proto=$1; sub("^.*[^0-9]", "", $4); port=$4}' FORMAT='{gsub("[46]", "", $1); proto=$1; sub("^.*[^0-9]", "", $4); port=$4}'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
FILTER='{if ($4 == "") next}' FILTER='{if ($4 == "") next}'
elif [ "$KERNEL" = "FreeBSD" ] || [ "$KERNEL" = "OpenBSD" ] ; then elif [ "$KERNEL" = "FreeBSD" ] ; then
# shellcheck disable=SC2089 # shellcheck disable=SC2089
CMD='eval netstat -ln | egrep "^tcp|^udp"' CMD='eval netstat -ln | egrep "^tcp|^udp"'
HEADERIZE="BEGIN {print \"$HEADER\"}" HEADERIZE="BEGIN {print \"$HEADER\"}"


@ -5,15 +5,12 @@
# shellcheck disable=SC1091 # shellcheck disable=SC1091
. "$(dirname "$0")"/common.sh . "$(dirname "$0")"/common.sh
assertHaveCommand column
HEADER='NAME VERSION RELEASE ARCH VENDOR GROUP' HEADER='NAME VERSION RELEASE ARCH VENDOR GROUP'
HEADERIZE="BEGIN {print \"$HEADER\"}" HEADERIZE="BEGIN {print \"$HEADER\"}"
PRINTF='{printf "%-55.55s %-20.20s %-20.20s %-10.10s %-30.30s %-20s\n", name, version, release, arch, vendor, group}' PRINTF='{printf "%-55.55s %-20.20s %-20.20s %-10.10s %-30.30s %-20s\n", name, version, release, arch, vendor, group}'
CMD='echo There is no flavor-independent command...' CMD='echo There is no flavor-independent command...'
if [ "$KERNEL" = "Linux" ] ; then if [ "$KERNEL" = "Linux" ] ; then
OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2)
if $DEBIAN; then if $DEBIAN; then
CMD1="eval dpkg-query -W -f='" CMD1="eval dpkg-query -W -f='"
# shellcheck disable=SC2016 # shellcheck disable=SC2016
@ -22,10 +19,6 @@ if [ "$KERNEL" = "Linux" ] ; then
CMD=$CMD1$CMD2$CMD3 CMD=$CMD1$CMD2$CMD3
# shellcheck disable=SC2016 # shellcheck disable=SC2016
FORMAT='{name=$1;version=$2;sub("\\.?[^0-9\\.:\\-].*$", "", version); release=$2; sub("^[0-9\\.:\\-]*","",release); if(release=="") {release="?"}; arch=$3; if (NF>3) {sub("^.*:\\/\\/", "", $4); sub("^www\\.", "", $4); sub("\\/.*$", "", $4); vendor=$4} else {vendor="?"} group="?"}' FORMAT='{name=$1;version=$2;sub("\\.?[^0-9\\.:\\-].*$", "", version); release=$2; sub("^[0-9\\.:\\-]*","",release); if(release=="") {release="?"}; arch=$3; if (NF>3) {sub("^.*:\\/\\/", "", $4); sub("^www\\.", "", $4); sub("\\/.*$", "", $4); vendor=$4} else {vendor="?"} group="?"}'
elif [ "$OSName" = "Arch_Linux" ] || [ "$OSName" = "Arch_Linux_ARM" ]; then
CMD="eval pacman -Q"
# shellcheck disable=SC2016
FORMAT="{name=\$1;version=\$2; release=\"?\"; arch=\"$(eval uname -m | sed -r "s/(armv7l|aarch64)/arm64/;s/x86_64/amd64/")\"; vendor=\"?\"; group=\"?\"}"
else else
CMD='eval rpm --query --all --queryformat "%-56{name} %-21{version} %-21{release} %-11{arch} %-31{vendor} %-{group}\n"' CMD='eval rpm --query --all --queryformat "%-56{name} %-21{version} %-21{release} %-11{arch} %-31{vendor} %-{group}\n"'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
@ -53,12 +46,6 @@ elif [ "$KERNEL" = "HP-UX" ] ; then
FILTER='/^#/ {next} $1=="" {next}' FILTER='/^#/ {next} $1=="" {next}'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
FORMAT='{release="?"; group="?"; vendor="?"; name=$1; version=$2; arch=$3} NF==4 {vendor=$4}' FORMAT='{release="?"; group="?"; vendor="?"; name=$1; version=$2; arch=$3} NF==4 {vendor=$4}'
elif [ "$KERNEL" = "OpenBSD" ] ; then
CMD=pkg_info
HEADER='NAME VERSION ARCH '
HEADERIZE="BEGIN {print \"$HEADER\"; arch=\"$(arch -s)\"}"
#PRINTF='{ printf "%-50s %-50s %s\n",$1,$2,$3}'
PRINTF='{name=gensub(/-[0-9].*$/,"",1,$1); suffix=gensub(/^.*-([0-9][^-]*)/,"",1,$1); if (suffix!="") suffix="," suffix; version=gensub(/^.*-([0-9][^-]*)-?.*$/,"\\1",1,$1); printf "%-50s %-50s %s\n", name suffix, version, arch}'
elif [ "$KERNEL" = "FreeBSD" ] ; then elif [ "$KERNEL" = "FreeBSD" ] ; then
# the below syntax is valid when using zsh, bash, ksh # the below syntax is valid when using zsh, bash, ksh
if [[ $KERNEL_RELEASE =~ 10.* ]] || [[ $KERNEL_RELEASE =~ 11.* ]] || [[ $KERNEL_RELEASE =~ 12.* ]] || [[ $KERNEL_RELEASE =~ 13.* ]]; then if [[ $KERNEL_RELEASE =~ 10.* ]] || [[ $KERNEL_RELEASE =~ 11.* ]] || [[ $KERNEL_RELEASE =~ 12.* ]] || [[ $KERNEL_RELEASE =~ 13.* ]]; then
@ -76,5 +63,5 @@ elif [ "$KERNEL" = "FreeBSD" ] ; then
fi fi
assertHaveCommand "$CMD" assertHaveCommand "$CMD"
$CMD | tee "$TEE_DEST" | $AWK "$HEADERIZE $FILTER $FORMAT $SEPARATE_RECORDS $PRINTF" header="$HEADER" | column -t $CMD | tee "$TEE_DEST" | $AWK "$HEADERIZE $FILTER $FORMAT $SEPARATE_RECORDS $PRINTF" header="$HEADER"
echo "Cmd = [$CMD]; | $AWK '$HEADERIZE $FILTER $FORMAT $SEPARATE_RECORDS $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST" echo "Cmd = [$CMD]; | $AWK '$HEADERIZE $FILTER $FORMAT $SEPARATE_RECORDS $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST"


@ -5,8 +5,6 @@
# shellcheck disable=SC1091 # shellcheck disable=SC1091
. "$(dirname "$0")"/common.sh . "$(dirname "$0")"/common.sh
assertHaveCommand column
CMD='netstat -s' CMD='netstat -s'
HEADER=' IPdropped TCPrexmits TCPreorder TCPpktRecv TCPpktSent UDPpktLost UDPunkPort UDPpktRecv UDPpktSent' HEADER=' IPdropped TCPrexmits TCPreorder TCPpktRecv TCPpktSent UDPpktLost UDPunkPort UDPpktRecv UDPpktSent'
HEADERIZE="BEGIN {print \"$HEADER\"}" HEADERIZE="BEGIN {print \"$HEADER\"}"
@ -67,7 +65,7 @@ elif [ "$KERNEL" = "HP-UX" ] ; then
SECTION_TCP='inTCP && /retransmited$/ {TCPrexmits=$1} inTCP && /out of order/ {TCPreorder=$1} inTCP && /[0-9] packets received$/ {TCPpktRecv=$1} inTCP && /[0-9] packets sent$/ {TCPpktSent=$1}' SECTION_TCP='inTCP && /retransmited$/ {TCPrexmits=$1} inTCP && /out of order/ {TCPreorder=$1} inTCP && /[0-9] packets received$/ {TCPpktRecv=$1} inTCP && /[0-9] packets sent$/ {TCPpktSent=$1}'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
SECTION_UDP='inUDP && /packets received/ {UDPpktRecv=$1} inUDP && /packets sent/ {UDPpktSent=$1} inUDP && /packet receive errors/ {UDPpktLost=$1} inUDP && /packets to unknown port received/ {UDPunkPort=$1}' SECTION_UDP='inUDP && /packets received/ {UDPpktRecv=$1} inUDP && /packets sent/ {UDPpktSent=$1} inUDP && /packet receive errors/ {UDPpktLost=$1} inUDP && /packets to unknown port received/ {UDPunkPort=$1}'
elif [ "$KERNEL" = "FreeBSD" ] || [ "$KERNEL" = "OpenBSD" ] ; then elif [ "$KERNEL" = "FreeBSD" ] ; then
# shellcheck disable=SC2016 # shellcheck disable=SC2016
FIGURE_SECTION='/^ip:$/ {inIP=1;inTCP=0;inUDP=0} /^tcp:$/ {inIP=0;inTCP=1;inUDP=0} /^udp:$/ {inIP=0;inTCP=0;inUDP=1} {if (NF==1 && $1 !~ /^ip:$|^udp:$|^tcp:$/) inIP=inTCP=inUDP=0}' FIGURE_SECTION='/^ip:$/ {inIP=1;inTCP=0;inUDP=0} /^tcp:$/ {inIP=0;inTCP=1;inUDP=0} /^udp:$/ {inIP=0;inTCP=0;inUDP=1} {if (NF==1 && $1 !~ /^ip:$|^udp:$|^tcp:$/) inIP=inTCP=inUDP=0}'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
@ -79,5 +77,5 @@ elif [ "$KERNEL" = "HP-UX" ] ; then
fi fi
assertHaveCommand "$CMD" assertHaveCommand "$CMD"
$CMD | tee "$TEE_DEST" | $AWK "$HEADERIZE $FIGURE_SECTION $COMMON $SECTION_IP $SECTION_TCP $SECTION_UDP $PRINTF" header="$HEADER" | column -t $CMD | tee "$TEE_DEST" | $AWK "$HEADERIZE $FIGURE_SECTION $COMMON $SECTION_IP $SECTION_TCP $SECTION_UDP $PRINTF" header="$HEADER"
echo "Cmd = [$CMD]; | $AWK '$HEADERIZE $FIGURE_SECTION $COMMON $SECTION_IP $SECTION_TCP $SECTION_UDP $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST" echo "Cmd = [$CMD]; | $AWK '$HEADERIZE $FIGURE_SECTION $COMMON $SECTION_IP $SECTION_TCP $SECTION_UDP $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST"


@ -6,7 +6,7 @@
. "$(dirname "$0")"/common.sh . "$(dirname "$0")"/common.sh
# shellcheck disable=SC2166 # shellcheck disable=SC2166
if [ "$KERNEL" = "Linux" -o "$KERNEL" = "Darwin" -o "$KERNEL" = "FreeBSD" -o "$KERNEL" = "OpenBSD" ] ; then if [ "$KERNEL" = "Linux" -o "$KERNEL" = "Darwin" -o "$KERNEL" = "FreeBSD" ] ; then
assertHaveCommand ps assertHaveCommand ps
CMD='ps auxww' CMD='ps auxww'
elif [ "$KERNEL" = "AIX" ] ; then elif [ "$KERNEL" = "AIX" ] ; then


@ -1,5 +1,4 @@
#!/bin/sh #!/bin/sh
# Copyright (C) 2025 Michael Erdely All Rights Reserved.
# SPDX-FileCopyrightText: 2024 Splunk, Inc. # SPDX-FileCopyrightText: 2024 Splunk, Inc.
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
@ -8,16 +7,16 @@
. "$(dirname "$0")"/common.sh . "$(dirname "$0")"/common.sh
# shellcheck disable=SC2166 # shellcheck disable=SC2166
if [ "$KERNEL" = "Linux" -o "$KERNEL" = "Darwin" -o "$KERNEL" = "FreeBSD" -o "$KERNEL" = "OpenBSD" ] ; then if [ "$KERNEL" = "Linux" -o "$KERNEL" = "Darwin" -o "$KERNEL" = "FreeBSD" ] ; then
assertHaveCommand ps assertHaveCommand ps
CMD='ps auxww' CMD='ps auxww'
if [ "$KERNEL" = "Linux" ] ; then if [ "$KERNEL" = "Linux" ] ; then
if [ ! -f "/etc/os-release" ] ; then if [ ! -f "/etc/os-release" ] ; then
DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(ip -4 route show default | awk '{print $9}') -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)" DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(hostname -I | cut -d\ -f1) -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)"
else else
DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep -E '\b(VERSION|BUILD)_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(ip -4 route show default | awk '{print $9}') -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)" DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep '\bVERSION_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(hostname -I | cut -d\ -f1) -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)"
fi fi
elif [ "$KERNEL" = "Darwin" -o "$KERNEL" = "FreeBSD" -o "$KERNEL" = "OpenBSD" ] ; then elif [ "$KERNEL" = "Darwin" -o "$KERNEL" = "FreeBSD" ] ; then
# Filters have been applied to get rid of IPv6 addresses designated for special usage to extract only the global IPv6 address. # Filters have been applied to get rid of IPv6 addresses designated for special usage to extract only the global IPv6 address.
DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1) -v IPv6_Address=$(ifconfig -a | grep inet6 | grep -v ' ::1 ' | grep -v ' ::1/' | grep -v ' ::1%' | grep -v ' fe80::' | grep -v ' 2002::' | grep -v ' ff00::' | head -n 1 | xargs | cut -d '/' -f 1 | cut -d '%' -f 1 | cut -d ' ' -f 2)" DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1) -v IPv6_Address=$(ifconfig -a | grep inet6 | grep -v ' ::1 ' | grep -v ' ::1/' | grep -v ' ::1%' | grep -v ' fe80::' | grep -v ' 2002::' | grep -v ' ff00::' | head -n 1 | xargs | cut -d '/' -f 1 | cut -d '%' -f 1 | cut -d ' ' -f 2)"
fi fi


@ -1,5 +1,4 @@
#!/bin/sh #!/bin/sh
# Copyright (C) 2025 Michael Erdely All Rights Reserved.
# SPDX-FileCopyrightText: 2024 Splunk, Inc. # SPDX-FileCopyrightText: 2024 Splunk, Inc.
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# #
@ -8,16 +7,10 @@
# shellcheck disable=SC1091 # shellcheck disable=SC1091
. "$(dirname "$0")"/common.sh . "$(dirname "$0")"/common.sh
if [ -n "$SPLUNK_DB" ]; then OLD_SEEK_FILE=$SPLUNK_HOME/var/run/splunk/unix_audit_seekfile # For handling upgrade scenarios
OLD_SEEK_FILE=$SPLUNK_HOME/var/run/splunk/unix_audit_seekfile # For handling upgrade scenarios
SEEK_FILE=$SPLUNK_HOME/var/run/splunk/unix_audit_seektime
else
# handle the case where this is not being run by the Splunk user from Splunk
OLD_SEEK_FILE=$HOME/.splunk_unix_audit_seekfile # For handling upgrade scenarios
SEEK_FILE=$HOME/.splunk_unix_audit_seektime
fi
CURRENT_AUDIT_FILE=/var/log/audit/audit.log # For handling upgrade scenarios CURRENT_AUDIT_FILE=/var/log/audit/audit.log # For handling upgrade scenarios
TMP_ERROR_FILTER_FILE=$(mktemp) # For filering out "no matches" error from stderr SEEK_FILE=$SPLUNK_HOME/var/run/splunk/unix_audit_seektime
TMP_ERROR_FILTER_FILE=$SPLUNK_HOME/var/run/splunk/unix_rlog_error_tmpfile # For filering out "no matches" error from stderr
AUDIT_FILE="/var/log/audit/audit.log*" AUDIT_FILE="/var/log/audit/audit.log*"
if [ "$KERNEL" = "Linux" ] ; then if [ "$KERNEL" = "Linux" ] ; then
@ -63,8 +56,6 @@ elif [ "$KERNEL" = "Darwin" ] ; then
: :
elif [ "$KERNEL" = "HP-UX" ] ; then elif [ "$KERNEL" = "HP-UX" ] ; then
: :
elif [ "$KERNEL" = "OpenBSD" ] ; then
:
elif [ "$KERNEL" = "FreeBSD" ] ; then elif [ "$KERNEL" = "FreeBSD" ] ; then
: :
fi fi
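Review bot: `TMP_ERROR_FILTER_FILE` is now a fixed name, `$SPLUNK_HOME/var/run/splunk/unix_rlog_error_tmpfile`, where the old side created it with `mktemp`, and the guard for running outside Splunk is gone. With `SPLUNK_HOME` unset all three paths collapse to `/var/run/splunk/...`, and two overlapping runs share one scratch file; whether that directory is writable only by the Splunk account cannot be seen from this hunk, and if it is not, a pre-created file or symlink at that name would be followed. I would keep a per-run file and fail early on a missing variable: `: "${SPLUNK_HOME:?SPLUNK_HOME is not set}"` and `TMP_ERROR_FILTER_FILE=$(mktemp "$SPLUNK_HOME/var/run/splunk/unix_rlog_error.XXXXXX")`, with cleanup on exit if the rest of the script does not already remove it. The next file section makes the same change for `unix_selinux_error_tmpfile`.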


@ -1,12 +1,11 @@
#!/bin/sh #!/bin/sh
# Copyright (C) 2025 Michael Erdely All Rights Reserved.
# SPDX-FileCopyrightText: 2024 Splunk, Inc. # SPDX-FileCopyrightText: 2024 Splunk, Inc.
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# shellcheck disable=SC1091 # shellcheck disable=SC1091
. "$(dirname "$0")"/common.sh . "$(dirname "$0")"/common.sh
TMP_ERROR_FILTER_FILE=$(mktemp) # For filtering out awk warning from stderr TMP_ERROR_FILTER_FILE=$SPLUNK_HOME/var/run/splunk/unix_selinux_error_tmpfile # For filtering out awk warning from stderr
PRINTF='END {printf "%s app=selinux %s %s %s %s\n", DATE, FILEHASH, SELINUX, SELINUXTYPE, SETLOCALDEFS}' PRINTF='END {printf "%s app=selinux %s %s %s %s\n", DATE, FILEHASH, SELINUX, SELINUXTYPE, SETLOCALDEFS}'
if [ "$KERNEL" = "Linux" ] ; then if [ "$KERNEL" = "Linux" ] ; then


@ -128,18 +128,9 @@ elif [ "$KERNEL" = "Darwin" ] ; then
CMD='eval date ; ls -1 /System/Library/StartupItems/ /Library/StartupItems/' CMD='eval date ; ls -1 /System/Library/StartupItems/ /Library/StartupItems/'
# Get per-user startup items # Get per-user startup items
# shellcheck disable=SC2044 # shellcheck disable=SC2044
# For this to work properly when run as non-root, add a line to for PLIST_FILE in $(find /Users -name "loginwindow.plist") ; do
# an /etc/sudoers.d file (eg - /etc/sudoers.d/splunk) like this: CMD=$CMD' ; echo '$PLIST_FILE': ; defaults read '$PLIST_FILE
# splunk ALL=(root) NOPASSWD: /usr/bin/find /Users -name loginwindow.plist done
if [ $(id -u) != 0 ]; then
for PLIST_FILE in $(sudo -n /usr/bin/find /Users -name loginwindow.plist) ; do
CMD=$CMD' ; echo '$PLIST_FILE': ; defaults read '$PLIST_FILE
done
else
for PLIST_FILE in $(/usr/bin/find /Users -name loginwindow.plist) ; do
CMD=$CMD' ; echo '$PLIST_FILE': ; defaults read '$PLIST_FILE
done
fi
# shellcheck disable=SC2016 # shellcheck disable=SC2016
PARSE_0='NR==1 {DATE=$0}' PARSE_0='NR==1 {DATE=$0}'
# Retrieve path for system startup items # Retrieve path for system startup items
@ -196,33 +187,6 @@ elif [ "$KERNEL" = "Darwin" ] ; then
POSTPROCESS='END { if (SPLUNKD==0) { printf "%s app=\"Splunk\" StartMode=Disabled\n", DATE } }' POSTPROCESS='END { if (SPLUNKD==0) { printf "%s app=\"Splunk\" StartMode=Disabled\n", DATE } }'
elif [ "$KERNEL" = "OpenBSD" ] ; then
# For this to work when running as a non-root user, add the following
# to /etc/doas.conf (replacing USERNAME with the user running the script):
# permit nopass USERNAME cmd /usr/sbin/rcctl args ls started
# permit nopass USERNAME cmd /usr/sbin/rcctl args ls failed
# permit nopass USERNAME cmd /usr/sbin/rcctl args ls rogue
if [ $(id -u) != 0 ]; then
failed=" $(doas -n /usr/sbin/rcctl ls failed) "
rogue=" $(doas -n /usr/sbin/rcctl ls rogue) "
running=" $(doas -n /usr/sbin/rcctl ls started) "
else
failed=" $(/usr/sbin/rcctl ls failed) "
rogue=" $(/usr/sbin/rcctl ls rogue) "
running=" $(/usr/sbin/rcctl ls started) "
fi
enabled=" $(/usr/sbin/rcctl ls on) "
for svc in $(/usr/sbin/rcctl ls all); do
enabled=false
echo $enabled | grep " $svc " && enabled=true
failed=false
echo $enabled | grep " $svc " && failed=true
rogue=false
echo $enabled | grep " $svc " && rogue=true
state=stopped
echo $enabled | grep " $svc " && state=running
date "+%a %b %e %H:%M:%S %Z %Y type=rcctl app=$svc, enabled=$enabled, failed=$failed, rogue=$rogue, running=$running"
done
else else
# Exits # Exits
failUnsupportedScript failUnsupportedScript
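Review bot: The per-user loop in the first hunk of this file, `for PLIST_FILE in $(find /Users -name "loginwindow.plist")`, appends each path unquoted to `$CMD`, which begins with `eval`. Names under /Users are chosen by local users, so a path containing whitespace or shell metacharacters would be re-parsed as shell syntax when `$CMD` runs, with the privileges of the account running the input. A minimal guard is to skip anything outside a conservative character set before appending, `case "$PLIST_FILE" in *[!A-Za-z0-9_./-]*) continue ;; esac`, and to single-quote the path inside the appended string. Where `$CMD` is executed lies outside the visible hunks, so confirm it is still evaluated as a string before relying on this.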


@ -1,5 +1,4 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# Copyright (C) 2025 Michael Erdely All Rights Reserved.
# SPDX-FileCopyrightText: 2024 Splunk, Inc. # SPDX-FileCopyrightText: 2024 Splunk, Inc.
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
@ -238,7 +237,7 @@ function show_inputs
script_list=$(get_script_list) script_list=$(get_script_list)
for line in $script_list; do for line in $script_list; do
case "$line" in case "$line" in
*unix* | *TA-unix* ) get_scripted_input_status "$line"; input_counter=`expr $input_counter + 1`; *unix* | *Splunk_TA_nix* ) get_scripted_input_status "$line"; input_counter=`expr $input_counter + 1`;
esac esac
done done
echo "" echo ""
@ -268,7 +267,7 @@ function enable_all_inputs
fi fi
if [ "$res" == "success" ] && [[ ( $line != *"_metric"* || $flag == 1 ) ]]; then if [ "$res" == "success" ] && [[ ( $line != *"_metric"* || $flag == 1 ) ]]; then
case "$line" in case "$line" in
*unix* | *TA-unix* ) echo "enabling $line"; input_endpoint=$(build_scripted_input_endpoint "$line"); enable_scripted_input $input_endpoint;; *unix* | *Splunk_TA_nix* ) echo "enabling $line"; input_endpoint=$(build_scripted_input_endpoint "$line"); enable_scripted_input $input_endpoint;;
esac esac
fi fi
done done
@ -290,7 +289,7 @@ function disable_all_inputs
script_list=$(get_script_list) script_list=$(get_script_list)
for line in $script_list; do for line in $script_list; do
case "$line" in case "$line" in
*unix* | *TA-unix* ) echo "disabling $line"; input_endpoint=$(build_scripted_input_endpoint "$line"); disable_scripted_input $input_endpoint;; *unix* | *Splunk_TA_nix* ) echo "disabling $line"; input_endpoint=$(build_scripted_input_endpoint "$line"); disable_scripted_input $input_endpoint;;
esac esac
done done
for line in $MONITOR_INPUTS; do for line in $MONITOR_INPUTS; do
@ -389,7 +388,7 @@ function clone_all_inputs
script_list=$(get_script_list) script_list=$(get_script_list)
for line in $script_list; do for line in $script_list; do
case "$line" in case "$line" in
*unix* | *TA-unix* ) echo ""; echo " cloning $line to $server_name"; echo ""; scripted_clone "$line" *unix* | *Splunk_TA_nix* ) echo ""; echo " cloning $line to $server_name"; echo ""; scripted_clone "$line"
esac esac
done done
for line in $MONITOR_INPUTS; do for line in $MONITOR_INPUTS; do
@ -643,7 +642,7 @@ function select_input_menu
script_list=$(get_script_list) script_list=$(get_script_list)
for line in $script_list; do for line in $script_list; do
case "$line" in case "$line" in
*unix* | *TA-unix* ) echo " $input_counter - $line"; selection_list[$input_counter]=$line; input_counter=`expr $input_counter + 1`; *unix* | *Splunk_TA_nix* ) echo " $input_counter - $line"; selection_list[$input_counter]=$line; input_counter=`expr $input_counter + 1`;
esac esac
done done
for line in $MONITOR_INPUTS; do for line in $MONITOR_INPUTS; do
@ -883,7 +882,7 @@ function set_unix_app_info
for line in $app_output; do for line in $app_output; do
case "$line" in case "$line" in
*unix* ) set_app_installed "unix";; *unix* ) set_app_installed "unix";;
*TA-unix* ) set_app_installed "TA-unix";; *Splunk_TA_nix* ) set_app_installed "Splunk_TA_nix";;
*ENABLED*) set_app_enabled;; *ENABLED*) set_app_enabled;;
#*DISABLED*) set_app_disabled;; #*DISABLED*) set_app_disabled;;
esac esac


@ -1,4 +1,3 @@
# Copyright (C) 2025 Michael Erdely All Rights Reserved.
# SPDX-FileCopyrightText: 2024 Splunk, Inc. # SPDX-FileCopyrightText: 2024 Splunk, Inc.
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
@ -21,19 +20,19 @@ class SetupService(splunk.rest.BaseRestHandler):
sessionKey = self.sessionKey sessionKey = self.sessionKey
try: try:
conf = bundle.getConf( conf = bundle.getConf(
"app", sessionKey, namespace="TA-unix", owner="nobody" "app", sessionKey, namespace="Splunk_TA_nix", owner="nobody"
) )
stanza = conf.stanzas["install"].findKeys("is_configured") stanza = conf.stanzas["install"].findKeys("is_configured")
if stanza: if stanza:
if stanza["is_configured"] == "0" or stanza["is_configured"] == "false": if stanza["is_configured"] == "0" or stanza["is_configured"] == "false":
conf["install"]["is_configured"] = "true" conf["install"]["is_configured"] = "true"
splunk.rest.simpleRequest( splunk.rest.simpleRequest(
"/apps/local/TA-unix/_reload", sessionKey=sessionKey "/apps/local/Splunk_TA_nix/_reload", sessionKey=sessionKey
) )
else: else:
conf["install"]["is_configured"] = "true" conf["install"]["is_configured"] = "true"
splunk.rest.simpleRequest( splunk.rest.simpleRequest(
"/apps/local/TA-unix/_reload", sessionKey=sessionKey "/apps/local/Splunk_TA_nix/_reload", sessionKey=sessionKey
) )
except Exception as e: except Exception as e:
self.response.write(e) self.response.write(e)


@ -6,9 +6,8 @@
. "$(dirname "$0")"/common.sh . "$(dirname "$0")"/common.sh
SSH_CONFIG_FILE="" SSH_CONFIG_FILE=""
if [ "$KERNEL" = "Linux" ] || [ "$KERNEL" = "SunOS" ] || [ "$KERNEL" = "OpenBSD" ] ; then if [ "$KERNEL" = "Linux" ] || [ "$KERNEL" = "SunOS" ] ; then
SSH_CONFIG_FILE=/etc/ssh/sshd_config SSH_CONFIG_FILE=/etc/ssh/sshd_config
[ "$KERNEL" = "OpenBSD" ] && SPLUNK_HOME=/usr
elif [ "$KERNEL" = "Darwin" ] ; then elif [ "$KERNEL" = "Darwin" ] ; then
SSH_CONFIG_FILE=/etc/sshd_config SSH_CONFIG_FILE=/etc/sshd_config
else else


@ -51,8 +51,6 @@ elif [ "$KERNEL" = "Darwin" ] && [ $FOUND_SNTP -eq 0 ] ; then # Mac OS 10.14.6 o
echo "CONFIG=$CONFIG, SERVER=$SERVER" >> "$TEE_DEST" echo "CONFIG=$CONFIG, SERVER=$SERVER" >> "$TEE_DEST"
#With Chrony #With Chrony
elif [ "$KERNEL" = "OpenBSD" ]; then
CMD2="ntpctl -s all"
else else
CMD2="chronyc -n sources" CMD2="chronyc -n sources"
fi fi


@ -1,30 +1,22 @@
#!/bin/sh #!/bin/sh
# Copyright (C) 2025 Michael Erdely All Rights Reserved.
# SPDX-FileCopyrightText: 2024 Splunk, Inc. # SPDX-FileCopyrightText: 2024 Splunk, Inc.
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# shellcheck disable=SC1091 # shellcheck disable=SC1091
. "$(dirname "$0")"/common.sh . "$(dirname "$0")"/common.sh
TMP_ERROR_FILTER_FILE=$(mktemp) # For filering out apt warning from stderr TMP_ERROR_FILTER_FILE=$SPLUNK_HOME/var/run/splunk/unix_update_error_tmpfile # For filering out apt warning from stderr
if [ "$KERNEL" = "Linux" ] ; then if [ "$KERNEL" = "Linux" ] ; then
assertHaveCommand date assertHaveCommand date
OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2)
OS_FILE=/etc/os-release OS_FILE=/etc/os-release
# Ubuntu doesn't have yum installed by default hence apt is being used to get the list of upgradable packages # Ubuntu doesn't have yum installed by default hence apt is being used to get the list of upgradable packages
if [ "$OSName" = "Ubuntu" ] || [ "$OSName" = "Debian_GNU/Linux" ]; then if [ "$OSName" = "Ubuntu" ]; then
assertHaveCommand apt assertHaveCommand apt
assertHaveCommand sed assertHaveCommand sed
# For this to work properly, add a line to /etc/sudoers like this:
# splunk ALL=(root) NOPASSWD: /usr/bin/apt update
# Without the above line, 'apt list --upgradable' will not show updated packages unless the package databases were updated outside of this script
# sed command here replaces '/, [, ]' with ' ' # sed command here replaces '/, [, ]' with ' '
if [ $(id -u) != 0 ]; then CMD='eval date ; eval apt list --upgradable | sed "s/\// /; s/\[/ /; s/\]/ /"'
CMD='eval date ; sudo -n /usr/bin/apt update > /dev/null 2>&1 ; eval apt list --upgradable | sed "s/\// /; s/\[/ /; s/\]/ /"'
else
CMD='eval date ; /usr/bin/apt update > /dev/null 2>&1 ; eval apt list --upgradable | sed "s/\// /; s/\[/ /; s/\]/ /"'
fi
# shellcheck disable=SC2016 # shellcheck disable=SC2016
PARSE_0='NR==1 {DATE=$0}' PARSE_0='NR==1 {DATE=$0}'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
@ -41,22 +33,6 @@ if [ "$KERNEL" = "Linux" ] ; then
# shellcheck disable=SC2016 # shellcheck disable=SC2016
PARSE_2='header_found { gsub(/[[:space:]]*\|[[:space:]]*/, "|"); split($0, arr, /\|/); printf "%s repository=%s package=%s current_package_version=%s latest_package_version=%s sles_architecture=%s\n", DATE, arr[2], arr[3], arr[4], arr[5], arr[6]}' PARSE_2='header_found { gsub(/[[:space:]]*\|[[:space:]]*/, "|"); split($0, arr, /\|/); printf "%s repository=%s package=%s current_package_version=%s latest_package_version=%s sles_architecture=%s\n", DATE, arr[2], arr[3], arr[4], arr[5], arr[6]}'
MESSAGE="$PARSE_0 $PARSE_1 $PARSE_2" MESSAGE="$PARSE_0 $PARSE_1 $PARSE_2"
elif [ "$OSName" = "Arch_Linux" ] || [ "$OSName" = "Arch_Linux_ARM" ]; then
assertHaveCommand checkupdates
assertHaveCommand sed
# For this to work properly, add a line to /etc/sudoers like this:
# splunk ALL=(root) NOPASSWD: /usr/bin/pacman -Syy
# Without the above line, checkupdates will not show updated packages unless the package databases were updated outside of this script (similar to Debian's apt update)
if [ $(id -u) != 0 ]; then
CMD='eval date ; eval uname -m | sed -r "s/(armv7l|aarch64)/arm64/;s/x86_64/amd64/"; sudo -n /usr/bin/pacman -Syy > /dev/null 2>&1 ; eval checkupdates'
else
CMD='eval date ; eval uname -m | sed -r "s/(armv7l|aarch64)/arm64/;s/x86_64/amd64/"; /usr/bin/pacman -Syy > /dev/null 2>&1 ; eval checkupdates'
fi
# shellcheck disable=SC2016
PARSE_0='NR==1 {DATE=$0}'
PARSE_1='NR==2 {ARCH=$0}'
PARSE_2='NR>2 {printf "%s arch_architecture=%s package=%s current_package_version=%s latest_package_version=%s\n", DATE, ARCH, $1, $2, $4}'
MESSAGE="$PARSE_0 $PARSE_1 $PARSE_2"
else else
assertHaveCommand yum assertHaveCommand yum
@ -103,7 +79,7 @@ elif [ "$KERNEL" = "Darwin" ] ; then
assertHaveCommand date assertHaveCommand date
assertHaveCommand softwareupdate assertHaveCommand softwareupdate
CMD='eval date ; softwareupdate -l 2>&1 | grep -v "XType: Using static font registry"' CMD='eval date ; softwareupdate -l'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
PARSE_0='NR==1 { PARSE_0='NR==1 {
DATE=$0 DATE=$0
@ -115,21 +91,15 @@ elif [ "$KERNEL" = "Darwin" ] ; then
# of the update. Otherwise, print the update. # of the update. Otherwise, print the update.
# shellcheck disable=SC2016 # shellcheck disable=SC2016
PARSE_1='NR>1 && PROCESS==1 && $0 !~ /^[[:blank:]]*$/ { PARSE_1='NR>1 && PROCESS==1 && $0 !~ /^[[:blank:]]*$/ {
if ( $1 == "Title:" ) { if ( $0 ~ /^[[:blank:]]*\*/ ) {
line = $0; PACKAGE="package=\"" substr($0, index($0,$3)) "\""
gsub(/^.*Title: /, "", line);
gsub(/, Version:.*$/, "", line);
PACKAGE="package=\"" line "\""
version = $0;
gsub(/^.*Title: [^,]+, Version: /, "", version);
gsub(/, Size:.*$/, "", version);
VERSION="latest_package_version=\"" version "\""
RECOMMENDED="" RECOMMENDED=""
RESTART="" RESTART=""
TOTAL=TOTAL+1 TOTAL=TOTAL+1
if ( $0 ~ /Recommended: YES/ ) { RECOMMENDED="is_recommended=\"true\"" } } else {
if ( $0 ~ /Action: restart/ ) { RESTART="restart_required=\"true\"" } if ( $0 ~ /Recommended/ ) { RECOMMENDED="is_recommended=\"true\"" }
printf "%s %s %s %s\n", DATE, PACKAGE, VERSION, RECOMMENDED, RESTART if ( $0 ~ /restart/ ) { RESTART="restart_required=\"true\"" }
printf "%s %s %s %s\n", DATE, PACKAGE, RECOMMENDED, RESTART
} }
}' }'
@ -145,10 +115,6 @@ elif [ "$KERNEL" = "Darwin" ] ; then
MESSAGE="$PARSE_0 $PARSE_1 $PARSE_2 $PARSE_3" MESSAGE="$PARSE_0 $PARSE_1 $PARSE_2 $PARSE_3"
elif [ "$KERNEL" = "OpenBSD" ] ; then
CMD="eval pkg_add -usv 2>&1 | grep -vE '(Adding quirks-|pkg_add should be run as root)' | grep ^Adding | sed -E 's/^Adding ([^:]+:)?(.*)->(.*)\(pretending\)/\2 \3/' | while read pkg ver; do name=\$(pkg_info -P \$pkg | grep -A1 ^Pkgpath:|tail -n1|cut -d/ -f2-); date \"+%a %b %e %H:%M:%S %Z %Y arch_architecture=\$(arch -s) package=\$name current_package_version=\$(echo \$pkg | sed -E \"s/\$name-//\") latest_package_version=\$ver\"; done"
#CMD="eval for f in \$(pkg_add -usv 2>&1 | grep -vE \"(Adding quirks-|pkg_add should be run as root)\" | grep ^Adding | sed -E \"s/^Adding ([^:]+:)?(.*)->(.*)\(pretending\)/\2 \3/\"); do echo \$f; done"
MESSAGE="{print}"
else else
# Exits # Exits
failUnsupportedScript failUnsupportedScript
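Review bot: `TMP_ERROR_FILTER_FILE` is now the fixed path `$SPLUNK_HOME/var/run/splunk/unix_update_error_tmpfile` where the other side of this comparison called `mktemp`, so every run of the input reuses one well-known file name. Two overlapping runs would write the same file, and if that directory is writable by any account other than the one running the script, the name can be pre-created or pointed elsewhere before the script opens it. The lines that write and read the file are outside the visible hunks, so how it is opened cannot be confirmed here. A per-run file in the same directory keeps the location and removes both problems: `TMP_ERROR_FILTER_FILE=$(mktemp "$SPLUNK_HOME/var/run/splunk/unix_update_error.XXXXXX")`, followed by `trap 'rm -f "$TMP_ERROR_FILTER_FILE"' EXIT` if the script does not already remove the file on exit.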


@ -18,7 +18,7 @@ fi
# This should work for any POSIX-compliant system, but in case it doesn't # This should work for any POSIX-compliant system, but in case it doesn't
# we have left the individual OS names here to be broken out later on. # we have left the individual OS names here to be broken out later on.
if [ "$KERNEL" = "Linux" ] || [ "$KERNEL" = "SunOS" ] || [ "$KERNEL" = "AIX" ] || [ "$KERNEL" = "HP-UX" ] || [ "$KERNEL" = "Darwin" ] || [ "$KERNEL" = "FreeBSD" ] || [ "$KERNEL" = "OpenBSD" ] ; then if [ "$KERNEL" = "Linux" ] || [ "$KERNEL" = "SunOS" ] || [ "$KERNEL" = "AIX" ] || [ "$KERNEL" = "HP-UX" ] || [ "$KERNEL" = "Darwin" ] || [ "$KERNEL" = "FreeBSD" ] ; then
assertHaveCommand date assertHaveCommand date
assertHaveCommand ps assertHaveCommand ps
CMD='eval date; LC_ALL=POSIX ps -o etime= -p 1' CMD='eval date; LC_ALL=POSIX ps -o etime= -p 1'


@ -8,20 +8,13 @@
PRINTF='END {printf "%s %s %s %s %s %s %s %s %s\n", DATE, MACH_HW_NAME, MACH_ARCH_NAME, OS_REL, OS_NAME, OS_VER, KERNEL_NAME, KERNEL_VERSION, KERNEL_RELEASE}' PRINTF='END {printf "%s %s %s %s %s %s %s %s %s\n", DATE, MACH_HW_NAME, MACH_ARCH_NAME, OS_REL, OS_NAME, OS_VER, KERNEL_NAME, KERNEL_VERSION, KERNEL_RELEASE}'
if [ "$KERNEL" = "Linux" ] ; then if [ "$KERNEL" = "Linux" ] || [ "$KERNEL" = "SunOS" ] || [ "$KERNEL" = "FreeBSD" ] ; then
assertHaveCommand date assertHaveCommand date
assertHaveCommand uname assertHaveCommand uname
VERSION=$(grep "^VERSION=" /etc/*-release | cut -d= -f2 | sed 's/^["]*//;s/["]*$//' | paste -sd " " -) VERSION=$(grep "^VERSION=" /etc/*-release | cut -d= -f2 | sed 's/^["]*//;s/["]*$//' | paste -sd " " -)
NAME=$(grep "^NAME=" /etc/*-release | cut -d= -f2 | sed 's/^["]*//;s/["]*$//' | paste -sd " " -) NAME=$(grep "^NAME=" /etc/*-release | cut -d= -f2 | sed 's/^["]*//;s/["]*$//' | paste -sd " " -)
VERSION_ID=$(grep "^VERSION_ID=" /etc/*-release | cut -d= -f2 | sed 's/^["]*//;s/["]*$//' | paste -sd " " -) VERSION_ID=$(grep "^VERSION_ID=" /etc/*-release | cut -d= -f2 | sed 's/^["]*//;s/["]*$//' | paste -sd " " -)
MACHINE_ARCH=$(uname -p) CMD="eval date ; eval uname -m ; echo \"$VERSION\" ; echo \"$NAME\" ; echo \"$VERSION_ID\" ; eval uname -p ; eval uname -s ; eval uname -v ; eval uname -r"
which dpkg > /dev/null 2>&1 && MACHINE_ARCH=$(dpkg --print-architecture)
which pacman > /dev/null 2>&1 && MACHINE_ARCH=$(uname -m | sed -r "s/(armv7l|aarch64)/arm64/;s/x86_64/amd64/") && VERSION=rolling && VERSION_ID=rolling
CMD="eval date ; eval uname -m ; echo \"$VERSION\" ; echo \"$NAME\" ; echo \"$VERSION_ID\" ; echo \"$MACHINE_ARCH\" ; eval uname -s ; eval uname -v ; eval uname -r"
elif [ "$KERNEL" = "SunOS" ] || [ "$KERNEL" = "FreeBSD" ] || [ "$KERNEL" = "OpenBSD" ] ; then
assertHaveCommand date
assertHaveCommand uname
CMD='eval date ; eval uname -m ; eval uname -r ; echo $KERNEL ; eval uname -r; eval uname -p ; eval uname -s ; eval uname -v ; eval uname -r;'
elif [ "$KERNEL" = "Darwin" ] ; then elif [ "$KERNEL" = "Darwin" ] ; then
# Darwin-macos uses sw_vers for os version, name and release switch. # Darwin-macos uses sw_vers for os version, name and release switch.
assertHaveCommand date assertHaveCommand date
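Review bot: In the Linux/SunOS/FreeBSD branch, `CMD` is built in double quotes, so the contents of `$VERSION`, `$NAME` and `$VERSION_ID` (read from `/etc/*-release`) become part of the command text that starts with `eval`; the `sed` only strips quotes at the two ends, so a value containing a double quote, a backquote or `$(` would be re-parsed as shell syntax rather than printed. Those files are normally writable only by root, which limits the exposure, but the quoting is fragile either way. Single-quoting the string defers expansion to the point where `eval` runs it, as the other scripts on this page do under `# shellcheck disable=SC2016`: `CMD='eval date ; eval uname -m ; echo "$VERSION" ; echo "$NAME" ; echo "$VERSION_ID" ; eval uname -p ; eval uname -s ; eval uname -v ; eval uname -r'`. How `CMD` is executed is outside this hunk, so this assumes the `$CMD | tee ...` form used by the other scripts. Merging SunOS into this branch also means the `/etc/*-release` glob is used on a platform where it may match nothing, which would leave the three values empty.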


@ -1,13 +1,10 @@
#!/bin/sh #!/bin/sh
# Copyright (C) 2025 Michael Erdely All Rights Reserved.
# SPDX-FileCopyrightText: 2024 Splunk, Inc. # SPDX-FileCopyrightText: 2024 Splunk, Inc.
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# shellcheck disable=SC1091 # shellcheck disable=SC1091
. "$(dirname "$0")"/common.sh . "$(dirname "$0")"/common.sh
assertHaveCommand column
# hardware.sh is called in all commands to get CPU counts. The CPU count is required to determine # hardware.sh is called in all commands to get CPU counts. The CPU count is required to determine
# the number of threads that waited for execution time. CPU count accounts for hyperthreaded cores so # the number of threads that waited for execution time. CPU count accounts for hyperthreaded cores so
# (load average - CPU count) gives a reasonable estimate of how many threads were waiting to execute. # (load average - CPU count) gives a reasonable estimate of how many threads were waiting to execute.
@ -29,7 +26,7 @@ if [ "$KERNEL" = "Linux" ] ; then
# shellcheck disable=SC2016 # shellcheck disable=SC2016
PARSE_1='/total memory$/ {memTotalMB=$1/1024} /free memory$/ {memFreeMB+=$1/1024} /buffer memory$/ {memFreeMB+=$1/1024} /swap cache$/ {memFreeMB+=$1/1024}' PARSE_1='/total memory$/ {memTotalMB=$1/1024} /free memory$/ {memFreeMB+=$1/1024} /buffer memory$/ {memFreeMB+=$1/1024} /swap cache$/ {memFreeMB+=$1/1024}'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
PARSE_2='/(K|pages) paged out$/ {pgPageOut=$1} /used swap$/ {swapUsed=$1} /free swap$/ {swapFree=$1} /pages swapped out$/ {pgSwapOut=$1}' PARSE_2='/pages paged out$/ {pgPageOut=$1} /used swap$/ {swapUsed=$1} /free swap$/ {swapFree=$1} /pages swapped out$/ {pgSwapOut=$1}'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
PARSE_3='/interrupts$/ {interrupts=$1} /CPU context switches$/ {cSwitches=$1} /forks$/ {forks=$1}' PARSE_3='/interrupts$/ {interrupts=$1} /CPU context switches$/ {cSwitches=$1} /forks$/ {forks=$1}'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
@ -129,9 +126,9 @@ elif [ "$KERNEL" = "HP-UX" ] ; then
elif [ "$KERNEL" = "Darwin" ] ; then elif [ "$KERNEL" = "Darwin" ] ; then
assertHaveCommand sysctl assertHaveCommand sysctl
assertHaveCommand top assertHaveCommand top
assertHaveCommand vm_stat assertHaveCommand sar
# shellcheck disable=SC2016 # shellcheck disable=SC2016
CMD='eval sysctl hw.memsize ; sysctl vm.swapusage ; top -l 1 -n 0; `dirname $0`/hardware.sh; vm_stat | awk "/Pageouts:/{print \"pgpageout \" \$NF}/^Swapouts:/{print \"pgswapout \" \$NF}"; vm_stat -c5 1 | tail -n -4 | awk "{pi=pi+\$19;po=po+\$20;si=si+\$21;so=so+\$22}END{printf \"pginps %.2f pgoutps %.2f swinps %.2f swoups %.2f\n\",pi/4,po/4,si/4,so/4}"' CMD='eval sysctl hw.memsize ; sysctl vm.swapusage ; top -l 1 -n 0; `dirname $0`/hardware.sh; sar -gp 1 2'
FUNCS='function toMB(s) {n=0+s; if (index(s,"K")) {n /= 1024} if (index(s,"G")) {n *= 1024} return n}' FUNCS='function toMB(s) {n=0+s; if (index(s,"K")) {n /= 1024} if (index(s,"G")) {n *= 1024} return n}'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
PARSE_0='/^hw.memsize:/ {memTotalMB=$2 / (1024*1024)}' PARSE_0='/^hw.memsize:/ {memTotalMB=$2 / (1024*1024)}'
@ -140,39 +137,24 @@ elif [ "$KERNEL" = "Darwin" ] ; then
# shellcheck disable=SC2016 # shellcheck disable=SC2016
PARSE_2='/^vm.swapusage:/ {swapUsed=toMB($7); swapFree=toMB($10)}' PARSE_2='/^vm.swapusage:/ {swapUsed=toMB($7); swapFree=toMB($10)}'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
PARSE_3='/^pgpageout / {pgPageOut=0+$2}' PARSE_3='/^VM:/ {pgPageOut=0+$7}'
# shellcheck disable=SC2016 if $OSX_GE_SNOW_LEOPARD; then
PARSE_4='/^Processes:/ {processes=$2; threads=$(NF-1)}' # shellcheck disable=SC2016
PARSE_4='/^Processes:/ {processes=$2; threads=$(NF-1)}'
else
# shellcheck disable=SC2016
PARSE_4='/^Processes:/ {processes=$2; threads=$(NF-2)}'
fi
# shellcheck disable=SC2016 # shellcheck disable=SC2016
PARSE_5='/^Load Avg:/ {loadAvg1mi=0+$3}' PARSE_5='/^Load Avg:/ {loadAvg1mi=0+$3}'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
PARSE_6='/^CPU_COUNT/ {cpuCount=$2}' PARSE_6='/^CPU_COUNT/ {cpuCount=$2}'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
PARSE_7='$1 == "pginps" {pgPageIn_PS=$2;pgPageOut_PS=$4;pgSwapIn=$6;pgSwapOut=$8}' PARSE_7='($0 ~ "Average" && $1 ~ "pgout*") {next} {pgPageOut_PS=$2}'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
PARSE_8='/^pgswapout / {pgSwapOut=0+$2}' PARSE_8='($0 ~ "Average" && $1 ~ "pgin*") {next} {pgPageIn_PS=$2}'
MASSAGE="$FUNCS $PARSE_0 $PARSE_1 $PARSE_2 $PARSE_3 $PARSE_4 $PARSE_5 $PARSE_6 $PARSE_7 $PARSE_8 $DERIVE" MASSAGE="$FUNCS $PARSE_0 $PARSE_1 $PARSE_2 $PARSE_3 $PARSE_4 $PARSE_5 $PARSE_6 $PARSE_7 $PARSE_8 $DERIVE"
FILL_BLANKS='END {cSwitches=interrupts=interrupts_PS=forks="0"}' FILL_BLANKS='END {pgSwapOut=cSwitches=interrupts=interrupts_PS=forks="?"}'
elif [ "$KERNEL" = "OpenBSD" ] ; then
# shellcheck disable=SC2016
CMD='eval sysctl -n hw.physmem ; vmstat -s ; top -Sb 0; `dirname $0`/hardware.sh'
FUNCS='function toMB(s) {n=0+s; if (index(s,"K")) {n /= 1024} if (index(s,"G")) {n *= 1024} return n}'
# shellcheck disable=SC2016
PARSE_0='(NR==1) {memTotalMB=$1 / (1024*1024)}'
# shellcheck disable=SC2016
PARSE_1='/pages being paged out$/ {pgPageOut+=$1} /forks$/ {forks+=$1} /cpu context switches$/ {cSwitches+=$1} /interrupts$/ {interrupts+=$1}'
# shellcheck disable=SC2016
PARSE_2='/load averages:/ {loadAvg1mi=$3} /^[0-9]+ processes: / {processes=$1}'
# shellcheck disable=SC2016
PARSE_3='/Swap: / { split($10, a, "/"); swapTotal=toMB(a[2]); swapUsed=toMB(a[1]); swapFree=swapTotal-swapFree; } /^Memory: / {memFreeMB=toMB($6)}'
# shellcheck disable=SC2016
PARSE_4='/^CPU_COUNT/ {cpuCount=$2}'
# shellcheck disable=SC2016
PARSE_5='($3 ~ "INTR") {nr1[NR+3]} NR in nr1 {interrupts_PS=$3}'
# shellcheck disable=SC2016
PARSE_6='($3 ~ "pgpgin*") {nr2[NR+3]} NR in nr2 {pgPageIn_PS=$3; pgPageOut_PS=$4}'
MASSAGE="$FUNCS $PARSE_0 $PARSE_1 $PARSE_2 $PARSE_3 $PARSE_4 $PARSE_5 $PARSE_6 $DERIVE"
FILL_BLANKS='END {threads=pgSwapOut="?"}'
elif [ "$KERNEL" = "FreeBSD" ] ; then elif [ "$KERNEL" = "FreeBSD" ] ; then
# shellcheck disable=SC2016 # shellcheck disable=SC2016
CMD='eval sysctl hw.physmem ; vmstat -s ; top -Sb 0; `dirname $0`/hardware.sh' CMD='eval sysctl hw.physmem ; vmstat -s ; top -Sb 0; `dirname $0`/hardware.sh'
@ -195,5 +177,5 @@ elif [ "$KERNEL" = "FreeBSD" ] ; then
FILL_BLANKS='END {threads=pgSwapOut="?"}' FILL_BLANKS='END {threads=pgSwapOut="?"}'
fi fi
$CMD | tee "$TEE_DEST" | $AWK "$HEADERIZE $MASSAGE $FILL_BLANKS $PRINTF" header="$HEADER" | column -t $CMD | tee "$TEE_DEST" | $AWK "$HEADERIZE $MASSAGE $FILL_BLANKS $PRINTF" header="$HEADER"
echo "Cmd = [$CMD]; | $AWK '$HEADERIZE $MASSAGE $FILL_BLANKS $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST" echo "Cmd = [$CMD]; | $AWK '$HEADERIZE $MASSAGE $FILL_BLANKS $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST"
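Review bot: In the Darwin branch, `PARSE_7` and `PARSE_8` each end with an action that has no pattern, `{pgPageOut_PS=$2}` and `{pgPageIn_PS=$2}`, so both assignments run on every input line that the preceding `next` rule does not skip, including the `sysctl` and `top` output. As written, both fields end up holding the second column of whichever line comes last, and they will be equal. On a `sar` average line `$1` would presumably be the `Average:` label itself, in which case the `$1 ~ "pgout*"` guard never matches either; that depends on the `sar -gp` output format, which is not shown here. Each assignment needs its own pattern selecting the row it is meant to read, and a short comment with a sample `sar -gp 1 2` output line would make the intent checkable. The same two rules appear in the Darwin branch of the next file section (the one that assigns `MESSAGE`).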


@ -1,13 +1,10 @@
#!/bin/sh #!/bin/sh
# Copyright (C) 2025 Michael Erdely All Rights Reserved.
# SPDX-FileCopyrightText: 2024 Splunk, Inc. # SPDX-FileCopyrightText: 2024 Splunk, Inc.
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# shellcheck disable=SC1091 # shellcheck disable=SC1091
. "$(dirname "$0")"/common.sh . "$(dirname "$0")"/common.sh
assertHaveCommand column
# hardware.sh is called in all commands to get CPU counts. The CPU count is required to determine # hardware.sh is called in all commands to get CPU counts. The CPU count is required to determine
# the number of threads that waited for execution time. CPU count accounts for hyperthreaded cores so # the number of threads that waited for execution time. CPU count accounts for hyperthreaded cores so
# (load average - CPU count) gives a reasonable estimate of how many threads were waiting to execute. # (load average - CPU count) gives a reasonable estimate of how many threads were waiting to execute.
@ -26,16 +23,16 @@ if [ "$KERNEL" = "Linux" ] ; then
# shellcheck disable=SC2016 # shellcheck disable=SC2016
CMD='eval uptime ; ps -e | wc -l ; ps -eT | wc -l ; vmstat -s ; `dirname $0`/hardware.sh; sar -B 1 2; sar -I SUM 1 2' CMD='eval uptime ; ps -e | wc -l ; ps -eT | wc -l ; vmstat -s ; `dirname $0`/hardware.sh; sar -B 1 2; sar -I SUM 1 2'
if [ ! -f "/etc/os-release" ] ; then if [ ! -f "/etc/os-release" ] ; then
DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(ip -4 route show default | awk '{print $9}')" DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(hostname -I | cut -d\ -f1)"
else else
DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep -E '\b(VERSION|BUILD)_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(ip -4 route show default | awk '{print $9}')" DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep '\bVERSION_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(hostname -I | cut -d\ -f1)"
fi fi
# shellcheck disable=SC2016 # shellcheck disable=SC2016
PARSE_0='NR==1 {loadAvg1mi=0+$(NF-2)} NR==2 {processes=$1} NR==3 {threads=$1}' PARSE_0='NR==1 {loadAvg1mi=0+$(NF-2)} NR==2 {processes=$1} NR==3 {threads=$1}'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
PARSE_1='/total memory$/ {memTotalMB=$1/1024} /free memory$/ {memFreeMB+=$1/1024} /buffer memory$/ {memFreeMB+=$1/1024} /swap cache$/ {memFreeMB+=$1/1024}' PARSE_1='/total memory$/ {memTotalMB=$1/1024} /free memory$/ {memFreeMB+=$1/1024} /buffer memory$/ {memFreeMB+=$1/1024} /swap cache$/ {memFreeMB+=$1/1024}'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
PARSE_2='/(K|pages) paged out$/ {pgPageOut=$1} /used swap$/ {swapUsed=$1} /free swap$/ {swapFree=$1} /pages swapped out$/ {pgSwapOut=$1}' PARSE_2='/pages paged out$/ {pgPageOut=$1} /used swap$/ {swapUsed=$1} /free swap$/ {swapFree=$1} /pages swapped out$/ {pgSwapOut=$1}'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
PARSE_3='/interrupts$/ {interrupts=$1} /CPU context switches$/ {cSwitches=$1} /forks$/ {forks=$1}' PARSE_3='/interrupts$/ {interrupts=$1} /CPU context switches$/ {cSwitches=$1} /forks$/ {forks=$1}'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
@ -139,9 +136,9 @@ elif [ "$KERNEL" = "HP-UX" ] ; then
elif [ "$KERNEL" = "Darwin" ] ; then elif [ "$KERNEL" = "Darwin" ] ; then
assertHaveCommand sysctl assertHaveCommand sysctl
assertHaveCommand top assertHaveCommand top
assertHaveCommand vm_stat assertHaveCommand sar
# shellcheck disable=SC2016 # shellcheck disable=SC2016
CMD='eval sysctl hw.memsize ; sysctl vm.swapusage ; top -l 1 -n 0; `dirname $0`/hardware.sh; vm_stat | awk "/Pageouts:/{print \"pgpageout \" \$NF}/^Swapouts:/{print \"pgswapout \" \$NF}"; vm_stat -c5 1 | tail -n -4 | awk "{pi=pi+\$19;po=po+\$20;si=si+\$21;so=so+\$22}END{printf \"pginps %.2f pgoutps %.2f swinps %.2f swoups %.2f\n\",pi/4,po/4,si/4,so/4}"' CMD='eval sysctl hw.memsize ; sysctl vm.swapusage ; top -l 1 -n 0; `dirname $0`/hardware.sh; sar -gp 1 2'
DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1)" DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1)"
FUNCS='function toMB(s) {n=0+s; if (index(s,"K")) {n /= 1024} if (index(s,"G")) {n *= 1024} return n}' FUNCS='function toMB(s) {n=0+s; if (index(s,"K")) {n /= 1024} if (index(s,"G")) {n *= 1024} return n}'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
@ -151,40 +148,24 @@ elif [ "$KERNEL" = "Darwin" ] ; then
# shellcheck disable=SC2016 # shellcheck disable=SC2016
PARSE_2='/^vm.swapusage:/ {swapUsed=toMB($7); swapFree=toMB($10)}' PARSE_2='/^vm.swapusage:/ {swapUsed=toMB($7); swapFree=toMB($10)}'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
PARSE_3='/^pgpageout / {pgPageOut=0+$2}' PARSE_3='/^VM:/ {pgPageOut=0+$7}'
# shellcheck disable=SC2016 if $OSX_GE_SNOW_LEOPARD; then
PARSE_4='/^Processes:/ {processes=$2; threads=$(NF-1)}' # shellcheck disable=SC2016
PARSE_4='/^Processes:/ {processes=$2; threads=$(NF-1)}'
else
# shellcheck disable=SC2016
PARSE_4='/^Processes:/ {processes=$2; threads=$(NF-2)}'
fi
# shellcheck disable=SC2016 # shellcheck disable=SC2016
PARSE_5='/^Load Avg:/ {loadAvg1mi=0+$3}' PARSE_5='/^Load Avg:/ {loadAvg1mi=0+$3}'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
PARSE_6='/^CPU_COUNT/ {cpuCount=$2}' PARSE_6='/^CPU_COUNT/ {cpuCount=$2}'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
PARSE_7='$1 == "pginps" {pgPageIn_PS=$2;pgPageOut_PS=$4;pgSwapIn=$6;pgSwapOut=$8}' PARSE_7='($0 ~ "Average" && $1 ~ "pgout*") {next} {pgPageOut_PS=$2}'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
PARSE_8='/^pgswapout / {pgSwapOut=0+$2}' PARSE_8='($0 ~ "Average" && $1 ~ "pgin*") {next} {pgPageIn_PS=$2}'
MESSAGE="$FUNCS $PARSE_0 $PARSE_1 $PARSE_2 $PARSE_3 $PARSE_4 $PARSE_5 $PARSE_6 $PARSE_7 $PARSE_8 $DERIVE" MESSAGE="$FUNCS $PARSE_0 $PARSE_1 $PARSE_2 $PARSE_3 $PARSE_4 $PARSE_5 $PARSE_6 $PARSE_7 $PARSE_8 $DERIVE"
FILL_BLANKS='END {cSwitches=interrupts=interrupts_PS=forks="0"}' FILL_BLANKS='END {pgSwapOut=cSwitches=interrupts=interrupts_PS=forks="?"}'
elif [ "$KERNEL" = "OpenBSD" ] ; then
# shellcheck disable=SC2016
CMD='eval sysctl -n hw.physmem ; vmstat -s ; top -Sb 0; `dirname $0`/hardware.sh'
DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1)"
FUNCS='function toMB(s) {n=0+s; if (index(s,"K")) {n /= 1024} if (index(s,"G")) {n *= 1024} return n}'
# shellcheck disable=SC2016
PARSE_0='(NR==1) {memTotalMB=$1 / (1024*1024)}'
# shellcheck disable=SC2016
PARSE_1='/pages being paged out$/ {pgPageOut+=$1} /forks$/ {forks+=$1} /cpu context switches$/ {cSwitches+=$1} /interrupts$/ {interrupts+=$1}'
# shellcheck disable=SC2016
PARSE_2='/load averages:/ {loadAvg1mi=$3} /^[0-9]+ processes: / {processes=$1}'
# shellcheck disable=SC2016
PARSE_3='/Swap: / { split($10, a, "/"); swapTotal=toMB(a[2]); swapUsed=toMB(a[1]); swapFree=swapTotal-swapFree; } /^Memory: / {memFreeMB=toMB($6)}'
# shellcheck disable=SC2016
PARSE_4='/^CPU_COUNT/ {cpuCount=$2}'
# shellcheck disable=SC2016
PARSE_5='($3 ~ "INTR") {nr1[NR+3]} NR in nr1 {interrupts_PS=$3}'
# shellcheck disable=SC2016
PARSE_6='($3 ~ "pgpgin*") {nr2[NR+3]} NR in nr2 {pgPageIn_PS=$3; pgPageOut_PS=$4}'
MESSAGE="$FUNCS $PARSE_0 $PARSE_1 $PARSE_2 $PARSE_3 $PARSE_4 $PARSE_5 $PARSE_6 $DERIVE"
FILL_BLANKS='END {threads=pgSwapOut="?"}'
elif [ "$KERNEL" = "FreeBSD" ] ; then elif [ "$KERNEL" = "FreeBSD" ] ; then
# shellcheck disable=SC2016 # shellcheck disable=SC2016
CMD='eval sysctl hw.physmem ; vmstat -s ; top -Sb 0; `dirname $0`/hardware.sh' CMD='eval sysctl hw.physmem ; vmstat -s ; top -Sb 0; `dirname $0`/hardware.sh'
@ -208,5 +189,5 @@ elif [ "$KERNEL" = "FreeBSD" ] ; then
FILL_BLANKS='END {threads=pgSwapOut="?"}' FILL_BLANKS='END {threads=pgSwapOut="?"}'
fi fi
# shellcheck disable=SC2086 # shellcheck disable=SC2086
$CMD | tee "$TEE_DEST" | $AWK $DEFINE "$HEADERIZE $MESSAGE $FILL_BLANKS $FILL_DIMENSIONS $PRINTF " header="$HEADER" | column -t $CMD | tee "$TEE_DEST" | $AWK $DEFINE "$HEADERIZE $MESSAGE $FILL_BLANKS $FILL_DIMENSIONS $PRINTF " header="$HEADER"
echo "Cmd = [$CMD]; | $AWK $DEFINE '$HEADERIZE $MESSAGE $FILL_BLANKS $FILL_DIMENSIONS $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST" echo "Cmd = [$CMD]; | $AWK $DEFINE '$HEADERIZE $MESSAGE $FILL_BLANKS $FILL_DIMENSIONS $PRINTF' header=\"$HEADER\"" >> "$TEE_DEST"
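Review bot: Both `DEFINE` lines in the Linux branch now fill `IP_address` from `hostname -I | cut -d\ -f1`, which takes whichever address happens to be printed first. On a host with several interfaces (bridges, container or VPN interfaces) that may not be the address other data sources use for the machine, and it can differ between runs, which makes the dimension unreliable for correlating events to an asset. `hostname -I` is also not offered by every `hostname` implementation; where it is missing the substitution is empty and the record is emitted with a blank `IP_address`. If the first-listed address is what is intended, say so above the `DEFINE` lines, for example `# IP_address: first address reported by hostname -I; order is not guaranteed`, and consider skipping the `-v IP_address=` argument when the value is empty.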


@ -7,24 +7,24 @@
[install] [install]
is_configured = false is_configured = false
state = enabled state = enabled
build = 1738793362 build = 1738357282
[ui] [ui]
setup_view = ta_nix_configuration setup_view = ta_nix_configuration
is_visible = true is_visible = true
label = Technical Add-on for Unix and Linux label = Splunk Add-on for Unix and Linux
docs_section_override = AddOns:released docs_section_override = AddOns:released
[launcher] [launcher]
author = Michael Erdely author = Splunk, Inc.
version = 10.0.0.1 version = 10.0.0
description = Technical Add-on for Unix and Linux description = Splunk Add-on for Unix and Linux
#[package] [package]
#id = TA-unix id = Splunk_TA_nix
#check_for_updates = true check_for_updates = true
[id] [id]
name = TA-unix name = Splunk_TA_nix
version = 10.0.0.1 version = 10.0.0


@ -4,12 +4,11 @@
--> -->
<dashboard script="setup_cloud.js" stylesheet="setup.css" version="1.1"> <dashboard script="setup_cloud.js" stylesheet="setup.css" version="1.1">
<label>Technical Add-on for Unix and Linux: Setup</label> <label>Splunk Add-on for Unix and Linux: Setup</label>
<row> <row>
<panel> <panel>
<html> <html>
<p>Please set up this add-on on your forwarders. Documentation on how to configure this add-on, <p>Please set up this add-on on your forwarders. Documentation on how to configure this add-on is
which is the same as the Splunk Add-on for Unix and Linux, is
<a target="_blank" href="http://docs.splunk.com/Documentation/UnixAddOn/latest/User/DeploytheSplunkAdd-onforUnixandLinuxinadistributedSplunkenvironment">here</a>. <a target="_blank" href="http://docs.splunk.com/Documentation/UnixAddOn/latest/User/DeploytheSplunkAdd-onforUnixandLinuxinadistributedSplunkenvironment">here</a>.
<br/> <br/>
Click on below button, if you are getting redirected to this page while editing the add-on's knowledge object. Click on below button, if you are getting redirected to this page while editing the add-on's knowledge object.


@ -10,15 +10,15 @@
|| It has no effect on Splunk Enterprise. || It has no effect on Splunk Enterprise.
--> -->
<dashboard script="setup.js" stylesheet="setup.css" isVisible="false" version="1.1"> <dashboard script="setup.js" stylesheet="setup.css" isVisible="false" version="1.1">
<label>Technical Add-on for Unix and Linux: Setup</label> <label>Splunk Add-on for Unix and Linux: Setup</label>
<row> <row>
<html> <html>
<p id="overview"> <p id="overview">
The Technical Add-on for Unix and Linux provides pre-built data inputs to facilitate The Splunk Add-on for Unix and Linux provides pre-built data inputs to facilitate
Linux and Unix system monitoring using Splunk. Check out the Linux and Unix system monitoring using Splunk. Check out the
<a href="https://git.erdelynet.com/mike/TA-unix" target="_blank"> <a href="http://apps.splunk.com/app/833/" target="_blank">
Technical Add-on for Unix and Linux Splunk for Unix Technical Add-on
</a> page </a> page on <a href="http://apps.splunk.com/" target="_blank">Splunkbase</a>
for support information, the latest updates, and more. for support information, the latest updates, and more.
</p> </p>
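Review bot: The two links on the new side, `http://apps.splunk.com/app/833/` and `http://apps.splunk.com/`, use plain HTTP and open with `target="_blank"` but carry no `rel` attribute. A setup page is where an administrator goes for the download and support location, so the link should not be one that can be rewritten in transit, and the opened page should not get a handle on the Splunk Web tab. Assuming the host serves HTTPS, write `<a href="https://apps.splunk.com/app/833/" target="_blank" rel="noopener noreferrer">` and do the same for the Splunkbase link. The `<html>` element continues past the end of this hunk.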


@ -8,7 +8,7 @@
search = NOT * search = NOT *
[nix_ta_data] [nix_ta_data]
search = eventtype=nix_ta_custom_eventtype OR (sourcetype IN (docker_metric, vmstat_metric, iostat_metric, ps_metric, df_metric, interfaces_metric, cpu_metric, docker, vmstat, iostat, ps, top, netstat, bandwidth, protocol, openPorts, time, lsof, df, who, usersWithLoginPrivs, lastlog, interfaces, cpu, auditd, package, hardware, bash_history, Unix:ListeningPorts, Unix:UserAccounts, Linux:SELinuxConfig, Unix:Service, Unix:SSHDConfig, Unix:Update, Unix:Uptime, Unix:Version, Unix:VSFTPDConfig, config_file, dhcpd, nfsiostat, ignored_type, aix_secure, osx_secure, linux_secure, linux_audit, syslog) OR source IN (/Library/Logs/*, /var/log/*, /var/adm/*, /etc/*)) search = eventtype=nix_ta_custom_eventtype OR (sourcetype IN (vmstat_metric, iostat_metric, ps_metric, df_metric, interfaces_metric, cpu_metric, vmstat, iostat, ps, top, netstat, bandwidth, protocol, openPorts, time, lsof, df, who, usersWithLoginPrivs, lastlog, interfaces, cpu, auditd, package, hardware, bash_history, Unix:ListeningPorts, Unix:UserAccounts, Linux:SELinuxConfig, Unix:Service, Unix:SSHDConfig, Unix:Update, Unix:Uptime, Unix:Version, Unix:VSFTPDConfig, config_file, dhcpd, nfsiostat, ignored_type, aix_secure, osx_secure, linux_secure, linux_audit, syslog) OR source IN (/Library/Logs/*, /var/log/*, /var/adm/*, /etc/*))
###### Globals ###### ###### Globals ######
[nix_security] [nix_security]
@ -112,10 +112,6 @@ search = sourcetype=time
[usersWithLoginPrivs] [usersWithLoginPrivs]
search = sourcetype=usersWithLoginPrivs search = sourcetype=usersWithLoginPrivs
[docker]
search = sourcetype=docker
#tags = performance os avail unix report docker
[vmstat] [vmstat]
search = sourcetype=vmstat search = sourcetype=vmstat
#tags = performance os avail unix report vmstat resource success memory #tags = performance os avail unix report vmstat resource success memory
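Review bot: Dropping `docker_metric` and `docker` from the `sourcetype IN (...)` list in `[nix_ta_data]`, together with the removed `[docker]` eventtype in the second hunk, means any search, alert or dashboard keyed on `eventtype=nix_ta_data` or `eventtype=docker` silently stops matching container events. Eventtypes are evaluated at search time, so this affects events already indexed as well as any still arriving from forwarders that run the older scripts. Whether such consumers exist is not visible from here, and nothing in the hunk records the change. I would leave a marker next to the stanza, for example `# docker and docker_metric are no longer matched by nix_ta_data; data from forwarders still sending them needs its own eventtype`, or keep the two sourcetypes in the list until those forwarders are retired.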


@ -4,12 +4,6 @@
## ##
## ##
[script://./bin/docker_metric.sh]
sourcetype = docker_metric
source = docker
interval = 60
disabled = 1
[script://./bin/vmstat_metric.sh] [script://./bin/vmstat_metric.sh]
sourcetype = vmstat_metric sourcetype = vmstat_metric
source = vmstat source = vmstat
@ -50,12 +44,6 @@ disabled = 1
############### Event Inputs ################### ############### Event Inputs ###################
################################################ ################################################
[script://./bin/docker.sh]
interval = 60
sourcetype = docker
source = docker
disabled = 1
[script://./bin/vmstat.sh] [script://./bin/vmstat.sh]
interval = 60 interval = 60
sourcetype = vmstat sourcetype = vmstat


@ -91,15 +91,6 @@ FIELDALIAS-dest_nt_host = dest_host as dest_nt_host
## Scripted Metric Inputs ## Scripted Metric Inputs
######################### #########################
[docker_metric]
SHOULD_LINEMERGE=false
LINE_BREAKER = ([\r\n]+)
KV_MODE = json
NO_BINARY_CHECK = true
TRUNCATE=1000000
TRANSFORMS-docker-metric-dimensions=eval_dimensions
METRIC-SCHEMA-TRANSFORMS=metric-schema:extract_metrics_docker
[vmstat_metric] [vmstat_metric]
SHOULD_LINEMERGE=false SHOULD_LINEMERGE=false
LINE_BREAKER=(^$|[\r\n]+[\r\n]+) LINE_BREAKER=(^$|[\r\n]+[\r\n]+)
@ -523,14 +514,6 @@ TRUNCATE=1000000
DATETIME_CONFIG = CURRENT DATETIME_CONFIG = CURRENT
KV_MODE=multi KV_MODE=multi
[docker]
SHOULD_LINEMERGE=false
LINE_BREAKER=(^$|[\r\n]+)
TRUNCATE=1000000
KV_MODE = json
FIELDALIAS-dest_for_docker = host as dest
FIELDALIAS-src_for_docker = host as src
[vmstat] [vmstat]
LINE_BREAKER=(^$|[\r\n]+[\r\n]+) LINE_BREAKER=(^$|[\r\n]+[\r\n]+)
TRUNCATE=1000000 TRUNCATE=1000000
@ -574,7 +557,7 @@ FIELDALIAS-dest = host as dest
# Stanzas in this section are legacy configuration stanzas # Stanzas in this section are legacy configuration stanzas
# intended to support parsing of data created by scripts in # intended to support parsing of data created by scripts in
# TA-deploymentapps, which has since been retired. Systems that use # TA-deploymentapps, which has since been retired. Systems that use
# TA-unix on the search head but which may be searching data # Splunk_TA_nix on the search head but which may be searching data
# from forwarders on which the older scripts are still in use should # from forwarders on which the older scripts are still in use should
# be able to search new and old data seamlessly. # be able to search new and old data seamlessly.


@ -274,6 +274,7 @@ network = enabled
session = enabled session = enabled
end = enabled end = enabled
## Authentication
[eventtype=sshd_authentication] [eventtype=sshd_authentication]
authentication = enabled authentication = enabled
remote = enabled remote = enabled
@ -664,7 +665,7 @@ os = enabled
# Stanzas in this section are legacy configuration stanzas # Stanzas in this section are legacy configuration stanzas
# intended to support parsing of data created by scripts in # intended to support parsing of data created by scripts in
# TA-deploymentapps, which has since been retired. Systems that use # TA-deploymentapps, which has since been retired. Systems that use
# TA-unix on the search head but which may be searching data # Splunk_TA_nix on the search head but which may be searching data
# from forwarders on which the older scripts are still in use should # from forwarders on which the older scripts are still in use should
# be able to search new and old data seamlessly. # be able to search new and old data seamlessly.


@ -183,9 +183,6 @@ REGEX=[[dhcp_prefix_src]]reuse_lease:\s+lease\s+age.*under.*threshold,\s+reply\s
# Support for omitting the IPv6 Address field when the script output doesn't include an IPv6 Address # Support for omitting the IPv6 Address field when the script output doesn't include an IPv6 Address
INGEST_EVAL = metric_name=sourcetype, entity_type="TA_Nix", OS_name=replace(OSName, "_", " "), IPv6_address = if(IPv6_Address=="?", null(), IPv6_Address) INGEST_EVAL = metric_name=sourcetype, entity_type="TA_Nix", OS_name=replace(OSName, "_", " "), IPv6_address = if(IPv6_Address=="?", null(), IPv6_Address)
#[extract_docker_metrics]
#INGEST_EVAL= CPUPct=CPUPct,MemUsage=MemUsage,MemTotal=MemTotal,MemPct=MemPct,NetRX=NetRX,RXps=RXps,NetTX=NetTX,TXps=TXps,BlockRead=BlockRead,BRps=BRps,BlockWrite=BlockWrite,BWps=BWps,Pids=Pids
[extract_df_metrics] [extract_df_metrics]
INGEST_EVAL = UsePct=coalesce('UsePct','Capacity','Use'), Size_KB=coalesce('Size','1K_blocks','1024_blocks'), Used_KB='Used', Avail_KB=coalesce('Avail','Available'), INodes=coalesce('INodes','Inodes'), IUsed=coalesce('IUsed','iused','Iused'), IFree=coalesce('IFree','ifree','Ifree'), IUsePct=coalesce('IUsePct','IUse'), Size=coalesce('Size','1K_blocks','1024_blocks'), Avail=coalesce('Avail','Available'), Type=coalesce('Type',"?") INGEST_EVAL = UsePct=coalesce('UsePct','Capacity','Use'), Size_KB=coalesce('Size','1K_blocks','1024_blocks'), Used_KB='Used', Avail_KB=coalesce('Avail','Available'), INodes=coalesce('INodes','Inodes'), IUsed=coalesce('IUsed','iused','Iused'), IFree=coalesce('IFree','ifree','Ifree'), IUsePct=coalesce('IUsePct','IUse'), Size=coalesce('Size','1K_blocks','1024_blocks'), Avail=coalesce('Avail','Available'), Type=coalesce('Type',"?")
@ -211,10 +208,6 @@ METRIC-SCHEMA-BLACKLIST-DIMS= OSName
METRIC-SCHEMA-MEASURES= memTotalMB,memFreeMB,memUsedMB,memFreePct,memUsedPct,pgPageOut,swapUsedPct,pgSwapOut,cSwitches,interrupts,forks,processes,threads,loadAvg1mi,waitThreads,interrupts_PS,pgPageIn_PS,pgPageOut_PS METRIC-SCHEMA-MEASURES= memTotalMB,memFreeMB,memUsedMB,memFreePct,memUsedPct,pgPageOut,swapUsedPct,pgSwapOut,cSwitches,interrupts,forks,processes,threads,loadAvg1mi,waitThreads,interrupts_PS,pgPageIn_PS,pgPageOut_PS
METRIC-SCHEMA-BLACKLIST-DIMS= OSName METRIC-SCHEMA-BLACKLIST-DIMS= OSName
[metric-schema:extract_metrics_docker]
METRIC-SCHEMA-MEASURES= _NUMS_EXCEPT_ OS_version
METRIC-SCHEMA-BLACKLIST-DIMS= OSName
[metric-schema:extract_metrics_df] [metric-schema:extract_metrics_df]
METRIC-SCHEMA-MEASURES= _NUMS_EXCEPT_ OS_name, OS_version, IP_address, Filesystem, Type, MountedOn, IPv6_Address, IPv6_address METRIC-SCHEMA-MEASURES= _NUMS_EXCEPT_ OS_name, OS_version, IP_address, Filesystem, Type, MountedOn, IPv6_Address, IPv6_address
METRIC-SCHEMA-BLACKLIST-DIMS= IPv6_Address METRIC-SCHEMA-BLACKLIST-DIMS= IPv6_Address
@ -531,7 +524,7 @@ FORMAT = signature::$1
# Stanzas in this section are legacy configuration stanzas # Stanzas in this section are legacy configuration stanzas
# intended to support parsing of data created by scripts in # intended to support parsing of data created by scripts in
# TA-deploymentapps, which has since been retired. Systems that use # TA-deploymentapps, which has since been retired. Systems that use
# TA-unix on the search head but which may be searching data # Splunk_TA_nix on the search head but which may be searching data
# from forwarders on which the older scripts are still in use should # from forwarders on which the older scripts are still in use should
# be able to search new and old data seamlessly. # be able to search new and old data seamlessly.


@ -1,153 +0,0 @@
# Technical Add-on for Unix and Linux
## Version 10.0.0.1 (2025-02-19)
Fix report CPU_TYPE in hardware.sh for RPIs
Changes:
* For CPU_TYPE in hardware.sh, report something if /proc/cpuinfo does not
contain processor model information
## Version 10.0.0.0 (2025-02-05)
Merge in Splunk Add-On for Unix and Linux version 10.0.0
## Version 9.2.0.13 (2025-02-03)
Fix alignment and fix packages for Arch Linux
Changes:
* Align columns with "column -t"
* Add Arch Linux support in packages.sh
## Version 9.2.0.12 (2025-01-25)
Add Version to update.sh for Darwin
Changes:
* Add version to update.sh for Darwin
## Version 9.2.0.11 (2025-01-25)
Fix Darwin Scripts and Document Sudo
Changes:
* Use sudo in service.sh for Darwin to find user services if not running as root
* Fix parsing the output of softwareupdate command on Darwin in update.sh
* Better document usage of sudo in docs/Sudo.md
## Version 9.2.0.10 (2025-01-25)
Fix OpenBSD Support and Other Bugs
Changes:
* Fix OpenBSD cpu.sh output to match others
* Fix OpenBSD df.sh output (no need for %% here)
* Do not use sudo or doas when running as root
* Use #!/usr/bin/env bash to support OpenBSD in run_nix_ta_commands
* Fix rsyslog example to trim whitespace in run_nix_ta_commands
* Add /usr/local/sbin:/usr/local/bin to PATH in run_nix_ta_commands
* Fix getting hour and minute for OpenBSD in run_nix_ta_commands
"08" shows up to printf as octal
* Support difference in OpenBSD logger command:
Requires modifying /etc/syslog.conf and setting facility in /etc/nix_ta.conf
## Version 9.2.0.9 (2025-01-25)
Support OpenBSD
Changes:
* Add OpenBSD support to the scripts
* Fix sysctl usage for FreeBSD in a couple places
## Version 9.2.0.8 (2025-01-23)
Fix df.sh and df_metric.sh
Changes:
* Fix Linux when df outputs a "-"
* Exclude efivars partitions for Linux
* Fix the output on Darwin to match Linux output
## Version 9.2.0.7 (2025-01-20)
Fix run_nix_ta_commands script
Changes:
* Make run_nix_ta_commands (in extra) use /etc/nix_ta.conf for its settings
instead of hard-coding them in the script
## Version 9.2.0.6 (2025-01-17)
Fix docker script and props
Changes:
* Fix output for docker script (handle lines that didn't have values)
* Fix props.conf LINE_BREAKER for docker
## Version 9.2.0.5 (2025-01-11)
Add script for docker events/metrics and support running TA outside of Splunk
Changes:
* Add docker.sh and docker_metric.sh for collecting docker events/metrics
* Add helper script to extra/ to run the TA commands on systems without
a Splunk forwarder. The commands can be sent to a syslog server.
This script is useful for systems with small or read-only filesystems that
cannot support a Universal Forwarder.
* Add syslog_inputs_nix_ta app to extra/ for ingesting the data from syslog
## Version 9.2.0.4 (2025-01-11)
Make distro_name work everywhere
Changes:
* For MacOS, print MacOS for distro_name
* For others, print $KERNEL for distro_name
## Version 9.2.0.3 (2025-01-11)
Fix bug in 9.2.0.2
Changes:
* Add code I forgot for machine_arch for Linux
* Add Makefile to make making releases easier
## Version 9.2.0.2 (2025-01-11)
Improvements for version.sh
Changes:
* Include kernel_release, kernel_version, and distro_name
* For Linux and MacOS, use actual OS versions/releases instead of
kernel version/release
## Version 9.2.0.1 (2025-01-09)
Initial fork of the Splunk Add-on for Unix and Linux
Changes:
* Use ip command to determine IP address
('hostname -I' does not work on all Linux systems)
* Filter out multiple listing of the same btrfs volume
* Use mktemp for temp files (for times when the TA may be run outside of Splunk)
* If running rlog.sh outside of Splunk, use $HOME to store seek file
* Debian also uses apt
* Arch Linux uses pacman
* Add use of sudo -n for 'apt update' and 'pacman -Syy'
* vmstat uses "K paged out"
* Replace the use of 'sar' with netstat and vm_stat for MacOS


@ -1,45 +0,0 @@
# Sudo Usage
Some commands may need to use sudo or doas to execute. Below is documentation
for those cases.
## MacOS/Darwin service.sh
The service.sh script searches users' home directories and a splunk user does
not have rights to do that.
Create a file like /etc/sudoers.d/splunk and add:
```
splunk ALL=(root) NOPASSWD: /usr/bin/find /Users -name loginwindow.plist
```
## Docker
Either add the splunk user to the docker group or run the command with sudo.
To make sudo work, create a file like /etc/sudoers.d/splunk and add:
```
splunk ALL=(root) NOPASSWD: /usr/bin/docker stats --no-stream --no-trunc --all
splunk ALL=(root) NOPASSWD: /usr/bin/docker ps --all --no-trunc --format *
splunk ALL=(root) NOPASSWD: /usr/bin/docker inspect -f *
```
## Debian/Ubuntu apt update
A splunk user does not have the ability to update the package cache.
To make sudo work, create a file like /etc/sudoers.d/splunk and add:
```
splunk ALL=(root) NOPASSWD: /usr/bin/apt update
```
## Arch Linux pacman update cache
A splunk user does not have the ability to update the package cache.
To make sudo work, create a file like /etc/sudoers.d/splunk and add:
```
splunk ALL=(root) NOPASSWD: /usr/bin/pacman -Syy
```


@ -1,180 +0,0 @@
#!/usr/bin/env bash
# This script allows getting the Techical Add-on for Unix and Linux data into
# Splunk from systems that are not running a Splunk Universal Forwarder.
# This is useful for systems with small or read-only file-systems.
#
# ## Sample rsyslog.conf:
# # Config for handling remote logs
# template(name="RemoteLogs" type="string" string="/share/syslog/%FROMHOST%/%$.myprogramname%/%$.myprogramname%-%$YEAR%-%$MONTH%-%$DAY%.log")
# # Write raw messages for splunk logs
# template(name="RawMessageOnly" type="string" string="%$.mymsg%\n")
# # Look for logs with nix_ta to apply RawMessagesOnly and send to RemoteLogs
# if ($syslogtag startswith 'nix_ta_') then {
# set $.mymsg = ltrim(rtrim(replace($msg, "#011", " ")));
# action(type="omfile" dynaFile="RemoteLogs" template="RawMessageOnly"
# fileCreateMode="0644" dirCreateMode="0755"
# fileOwner="root" fileGroup="splunk"
# dirOwner="root" dirGroup="splunk")
# stop
# }
# # End of sample rsyslog.conf
#
# ## run_nix_ta_commands configuration file
# * Create a new file (/etc/nix_ta.conf) with the following settings in it
# * ta_home: The directory you copied the Technical Add-on for Unix and Linux files
# * tag_prefix: The events will be sent to syslog with ${tag_prefix}SCRIPTNAME as a tag
# * syslog_server: The UDP syslog server to send events to
# * run_minute: For scripts that have intervals over an hour, which minute to run them
# * run_hour: For scripts that run once a day, which hour to run them
# * facility: For logger commands like OpenBSD that do not support pointing to a syslog_server directly
# Set to something like "local3.info"
#
# ## Using syslog facility instead of specifying a syslog server with logger
# Using $facility when logger does not support specifying $syslog_server:
# Modify local syslog server to send logs for $facility to the $syslog_server
# On OpenBSD, an example for /etc/syslog.conf is:
# local3.* @192.168.1.1
#
# ## Cron job example:
# * * * * * /path/to/script/run_nix_ta_commands
# Ensure the logger command is available
which logger > /dev/null 2>&1 || { echo "Error: The logger command is required for this script"; exit; }
# Ensure PATH has correct paths
export PATH=$PATH:/usr/local/sbin:/usr/local/bin
# Example/default settings -- override in /etc/nix_ta.conf
ta_home=/srv/TA-unix
tag_prefix=nix_ta_
syslog_server=192.168.1.1
run_minute=2
run_hour=6
facility=
[ -r /etc/nix_ta.conf ] && . /etc/nix_ta.conf
# Get the current minute now to be consistent through the script run
minute=$(printf "%d" $((10#$(date +%M))))
# Get the current hour now to be consistent through the script run
hour=$(printf "%d" $((10#$(date +%H))))
# Set defaults disabling force-mode and list-mode
force=0
list=0
usage() {
echo "usage: $(basename $0) [-h] [-f] [-l] [script]"
echo " -h: print this help text"
echo " -f: run all enabled scripts regardless of interval"
echo " -l: list scripts, enabled status, and interval (if enabled)"
exit
}
# Get the command line options
while getopts ":hlf" opt; do
case $opt in
f) force=1 ;;
l) list=1 ;;
*) usage ;;
esac
done
shift $((OPTIND -1))
# Function to actually run the script and pipe it to logger
runit() {
[ -z "$1" ] && return 1
if [ -x $ta_home/bin/$1.sh ]; then
if [ -n "$facility" ]; then
{ $ta_home/bin/$1.sh 2> /dev/null; echo; } | logger -p $facility -t ${tag_prefix}$(echo $1|tr '[A-Z]' '[a-z]')
else
{ $ta_home/bin/$1.sh 2> /dev/null; echo; } | logger -n $syslog_server -t ${tag_prefix}$(echo $1|tr '[A-Z]' '[a-z]')
fi
else
echo Could not find $1 in $ta_home/bin
return 1
fi
}
# Check the inputs.conf to see if any of the checks are disabled
declare -A scripts
declare -A intervals
# Load defaults first
if [ -r $ta_home/default/inputs.conf ]; then
eval $(awk -F '[=#]' '
/^\[/{name=""}
/^\[script:\/\//{n=split($1,a,"/");name=gensub(/\.[a-z]+\]/,"",1,a[n]);printf "scripts[%s]=1\nintervals[%s]=60\n",name,name}
name!="" && $1~/(^|\s*)disabled(\s*|$)/ {disabled=gensub(/(^ | $)/,"","g",gensub(/true/,"1",1,gensub(/false/,"0",1,$2)));printf "scripts[%s]=%s\n",name,disabled}
name!="" && $1~/(^|\s*)interval(\s*|$)/ {interval=gensub(/(^ | $)/,"","g",$2);printf "intervals[%s]=%s\n",name,interval}
' $ta_home/default/inputs.conf)
fi
# See if any defaults are overridden in the local directory
if [ -r $ta_home/local/inputs.conf ]; then
eval $(awk -F '[=#]' '
/^\[/{name="";disabled=1;interval=60}
/^\[script:\/\//{n=split($1,a,"/");name=gensub(/\.[a-z]+\]/,"",1,a[n])}
name!="" && $1~/(^|\s*)disabled(\s*|$)/ {disabled=gensub(/(^ | $)/,"","g",gensub(/true/,"1",1,gensub(/false/,"0",1,$2)));printf "scripts[%s]=%s\n",name,disabled}
name!="" && $1~/(^|\s*)interval(\s*|$)/ {interval=gensub(/(^ | $)/,"","g",$2);printf "intervals[%s]=%s\n",name,interval}
' $ta_home/local/inputs.conf)
fi
# If -l, just print the scripts
if [ $list = 1 ]; then
for script in "${!scripts[@]}"; do
if [ "${scripts[$script]}" = "0" ]; then
echo "$script is enabled (${intervals[$script]} seconds)"
else
echo "$script is disabled"
fi
done
exit
fi
# If a script is specified on the command line, run it (even if disabled)
if [ "$1" ]; then
runit $1
exit
fi
# Without -l or -f, loop through the enabled scripts and run them at their interval
for script in "${!scripts[@]}"; do
# Only run enabled scripts
if [ "${scripts[$script]}" = "0" ]; then
i=${intervals[$script]}
[ $i -lt 60 ] && i=60
min=$((i/60))
# If -f, always run each script
if [ $force = 1 ]; then
runit $script
# If interval is 60 seconds or less, run every minute
elif [ $min -le 1 ]; then
runit $script
# If the current minute is divisible by the number of interval minutes, run
# example: 600 is 5 minutes, it'll run at 0, 5, 10, 15, ... minutes
elif [ $((minute % min)) = 0 ]; then
runit $script
# If interval is an hour or more
elif [ $min -gt 60 ]; then
hr=$((i/60/60))
# If interval is 1 hour or less, run every hour on $run_minute
if [ $hr -le 1 ] && [ $minute = $run_minute ]; then
runit $script
# If the current hour is divisible by the number of interval hours, run
# example: 21600 is 6 hours, it'll run at 0, 6, 12, 18 hours
elif [ $((hour % hr)) = 0 ] && [ $minute = $run_minute ]; then
runit $script
# If the number of hours is 24 or more, run every day at $run_hour:$run_minute
elif [ $hr -ge 24 ] && [ $hour = $run_hour ] && [ $minute = $run_minute ]; then
runit $script
fi
fi
fi
done


@ -1,4 +0,0 @@
# Application-level permissions
[]
access = read : [ * ], write : [ admin , sc_admin ]
export = system

359
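--- a/splunkbase.manifest
+++ b/splunkbase.manifest
@@ -0,0 +1,359 @@
+{
+"version": "1.0",
+"date": "2025-02-04T11:38:22.666904374Z",
+"hashAlgorithm": "SHA-256",
+"app": {
+"id": 833,
+"version": "10.0.0",
+"files": [
+{
+"path": "LICENSES/Apache-2.0.txt",
+"hash": "d3910dee6fe9fe134856d76268fe82adb1ade1ecf51b3568b7da6b94894b88f3"
+},
+{
+"path": "LICENSES/LicenseRef-Splunk-8-2021.txt",
+"hash": "37906d637abbbeca35cfb2efcb658cabbc0208d101848372c1e55fbf9ba62e47"
+},
+{
+"path": "README/restmap.conf.spec",
+"hash": "5cc8f9508cd792137e1a2129763dd78e9275a0c2f8d3cf7fc25b72848a07d869"
+},
+{
+"path": "README.txt",
+"hash": "106e6203d3ff66f04cac953385cb517cff459b572f8d52adf71a8a59c5851776"
+},
+{
+"path": "THIRDPARTY",
+"hash": "e30015ede460c622a205889b17874cd7261a7903442be1750b982cde6de5ab52"
+},
+{
+"path": "VERSION",
+"hash": "cda5bf0ca405341ecb098ba217bbcf8b4b2e83dc54d559b623093b211e3ee413"
+},
+{
+"path": "app.manifest",
+"hash": "672bddb913818d3f15a6762f41b5dd0dcef93de2c0758e0d0340ca3f6b1cf15f"
+},
+{
+"path": "appserver/static/appIcon.png",
+"hash": "6cb62d7fd2d90e69d66c3e4fbede9692f9d650176a7a9ec06edd4026f1de580a"
+},
+{
+"path": "appserver/static/components/js_sdk_extensions/common.js",
+"hash": "295fe307ec286b9b4eb89c4b59dbd6204376e63b7346c26fd1b087446db372c2"
+},
+{
+"path": "appserver/static/components/js_sdk_extensions/monitor_inputs.js",
+"hash": "27af704acaeb3b98c78ad5322a6171e1b748b5650be809f5d92a4e5618529123"
+},
+{
+"path": "appserver/static/components/js_sdk_extensions/scripted_inputs.js",
+"hash": "6fe5d6f31a60a86d9988170e1641f13eb315351f890c2247c6de83b3aa372e26"
+},
+{
+"path": "appserver/static/setup.css",
+"hash": "f27882e6a07bbd87f99f95d77211439e71959efae6d52ce4771ce26d06e0bcc9"
+},
+{
+"path": "appserver/static/setup.js",
+"hash": "a3d4e2567779b605a97daa3ced2fc49a8e487a5ec4ee95080392824eb74e7e11"
+},
+{
+"path": "appserver/static/setup_cloud.js",
+"hash": "00875c907fd0dc80fa5d05130c28410a8abd99a0ff43da86c6af87e01d8a21da"
+},
+{
+"path": "bin/bandwidth.sh",
+"hash": "14682eacdc5ab8849ce3e786c05d0140ea166b6f28403106e433048c09533146"
+},
+{
+"path": "bin/common.sh",
+"hash": "6569707362169122ec6a41c9345ed00e09e0913e3855ccb68a21ade3c1c9012d"
+},
+{
+"path": "bin/cpu.sh",
+"hash": "5d1bc8ba07595872eee78d55136c1bd419a9b63aafd1a10ded78ee3ef186782d"
+},
+{
+"path": "bin/cpu_metric.sh",
+"hash": "30b3d257d73ff3e656c8f8b414cbec0afe0ac52838a7a5a2db3f1d64f74211ee"
+},
+{
+"path": "bin/df.sh",
+"hash": "27b0ad779340e6bd8a26e296ce9b0b9cd2721eaadcf4669e5579560a676c9db7"
+},
+{
+"path": "bin/df_metric.sh",
+"hash": "4457b92d8d8ee24441eb38df2134113f5a821111b7c3573b48313adcee39d3e8"
+},
+{
+"path": "bin/hardware.sh",
+"hash": "20e341826d21047e9cc3b7cd632422f6b9a0364282333616c1f912b4dddb7093"
+},
+{
+"path": "bin/interfaces.sh",
+"hash": "ebdd6823f6db05bc76ebdbfb61d1fda63959fd334cf59d2e038ea7bae64355b7"
+},
+{
+"path": "bin/interfaces_metric.sh",
+"hash": "9458deb6ba4c56a22264df75d42945e170f6f1a729d93220617c85810733ef19"
+},
+{
+"path": "bin/iostat.sh",
+"hash": "505a4694c4879fd8ed155394be51431c9839fc9f980077abb0416f844f09d722"
+},
+{
+"path": "bin/iostat_metric.sh",
+"hash": "4af68e89e6a93fa34ccd724ff78a509b7868bc06e60a4f16a6aa24d300d8efc8"
+},
+{
+"path": "bin/lastlog.sh",
+"hash": "1c52c7e734cdc91a9644c243131e6e82e301f48ff4a4c8b88e68ed69917e6233"
+},
+{
+"path": "bin/lsof.sh",
+"hash": "a98a9c64496a081c395e00b692f5eca25ae186cc050c0f31d5425a561fdc63a1"
+},
+{
+"path": "bin/netstat.sh",
+"hash": "a5ef9833cf21c6572431f32991d153a625510a4b0553fe6f56d07bb4f4914b2e"
+},
+{
+"path": "bin/nfsiostat.sh",
+"hash": "c2f50340c82964bcf18710ed787b72354ebf83eacbcdb7b9a58e28c2299802d8"
+},
+{
+"path": "bin/openPorts.sh",
+"hash": "9f7cb2a7f9e8b43ceb7e22930ea125855e64527caa13d76b5c219ec473b899c5"
+},
+{
+"path": "bin/openPortsEnhanced.sh",
+"hash": "d7e19798aec7fb3244b6fe36fce28ca3fc8951a0e38d0516f5ef8c1b06197246"
+},
+{
+"path": "bin/package.sh",
+"hash": "d9da2664cc2b913285d595e7c74dab9e5a6f1703d44e8f517e9b62a5ba70496a"
+},
+{
+"path": "bin/passwd.sh",
+"hash": "4ab37e3c9d07842777ed42f8b22adfe8fe05a9ab0758e833fdc885a26237bafe"
+},
+{
+"path": "bin/protocol.sh",
+"hash": "61e372f670cb74131890a2c0ff381891c83337687b6809f31bf920a99f5bd432"
+},
+{
+"path": "bin/ps.sh",
+"hash": "3a6ebc99c1b5207d54c885338cf06b22f343c1f64a6048d03fd0bf48b82d41b5"
+},
+{
+"path": "bin/ps_metric.sh",
+"hash": "0c3dc356f47728b9b99be79fffe40256eded1644f599b1bbe8b1a9e8db05b10d"
+},
+{
+"path": "bin/rlog.sh",
+"hash": "271fcaf091527670df3e794c29d7bf57d1371909c72c25d56c79dd136b029513"
+},
+{
+"path": "bin/selinuxChecker.sh",
+"hash": "07135df789924f8d4f5ae8228ccbfe0a5e47756de202fcf00a019a12712d8312"
+},
+{
+"path": "bin/service.sh",
+"hash": "d579051391bd1af365bdda6016e3529009e0e7b62e1846fdcdb755b36f0d7c49"
+},
+{
+"path": "bin/setup.sh",
+"hash": "b0263d112fa183411bfe141840d697217025856d44fa67be6d14b240728b7062"
+},
+{
+"path": "bin/setupservice.py",
+"hash": "c69d1b0b4a10ec966c2e752b7ec1c3f4be5ca3721626bbab62ddfe1509d15137"
+},
+{
+"path": "bin/sshdChecker.sh",
+"hash": "ba9ada21b413a1f7ea5ab7850314e96b03c8a3369267af24d9cf2d8f76edb6dc"
+},
+{
+"path": "bin/time.sh",
+"hash": "1072cf254e0aa99bfbfd25bf95ba93d5679bcbc16287d60c11a16103998ca2cd"
+},
+{
+"path": "bin/top.sh",
+"hash": "f380506de00a3bb51d9351108057e498cd8211e3ade7c16fa65121d3ff66ba1d"
+},
+{
+"path": "bin/update.sh",
+"hash": "ebf6c54aa23d171d4204981f82a3e32125ce02a02ae592b939c7ddff375afd71"
+},
+{
+"path": "bin/uptime.sh",
+"hash": "2770952e0c29a92e37d2d23a8a93223812e2facd4597c50e3e832439fdbdf600"
+},
+{
+"path": "bin/usersWithLoginPrivs.sh",
+"hash": "0006baa9bc57e6b5711e557b6532b8c48b29d42bca6364d664042d2aa6f2cf12"
+},
+{
+"path": "bin/version.sh",
+"hash": "a9e28c5ddd56a8b25da85ab7c4bb3dec939401ad210453b39209c059a9d735d2"
+},
+{
+"path": "bin/vmstat.sh",
+"hash": "b816aa5e67ad18b995eb577e16ca7c91ae3ecdeeb019d0b79321ade83a90daef"
+},
+{
+"path": "bin/vmstat_metric.sh",
+"hash": "47df351e2afd7abedb49f8d38f5350ce6276fdb512005ba56e7ff9692f581515"
+},
+{
+"path": "bin/vsftpdChecker.sh",
+"hash": "0009c03f72289e5b7b692cb74951382d1a6d4c3698ef5b08b74e468f3dfe199f"
+},
+{
+"path": "bin/who.sh",
+"hash": "47318dee6246abfd577984383ac134225a84e0dcf0753413f88b7f2be5a8087d"
+},
+{
+"path": "default/app.conf",
+"hash": "bf761213f1ac3ce27e3391dc22a82db31f00f7afbeac4961aea849448ec60fa3"
+},
+{
+"path": "default/data/ui/nav/default.xml",
+"hash": "36078398f91fa377c21f2369271797cc0016b8ba1a6f271e327cce2809f2711d"
+},
+{
+"path": "default/data/ui/views/ta_nix_configuration.env_cloud.xml",
+"hash": "7176b693e2eeb2757d6a5a9651e793141a52b5b36f4b229c31f4ab3e970e8510"
+},
+{
+"path": "default/data/ui/views/ta_nix_configuration.xml",
+"hash": "2d30308510e08aea0a190984fda45b708ab373768796494202a4813c37ef74d2"
+},
+{
+"path": "default/eventtypes.conf",
+"hash": "a7796bdb4f40330bf674c34d8f45a67151cd7e5bdadeaa46b7fca1c4e122d07a"
+},
+{
+"path": "default/inputs.conf",
+"hash": "0eff320f7aba6d35e27e8a0ae0837ad6c4340f9e84a9cdfb71e8162a97ecc782"
+},
+{
+"path": "default/macros.conf",
+"hash": "0daf589bcfbd430f45b55ed3f3d0784f8ad6e79d75300fac9c2604a79fc7f4dc"
+},
+{
+"path": "default/props.conf",
+"hash": "194b6dbb7b228c2d0e124f64a5ee8a137a7fdbb56681b78418f513821f09e0c1"
+},
+{
+"path": "default/restmap.conf",
+"hash": "2774f5332efc8bfeebb88a1d771b8d65cca9197666d0c5e9a4a371b8ed468d73"
+},
+{
+"path": "default/tags.conf",
+"hash": "f055d2f3fd959b0af6c48b0494dadc36009b7a90fb5d1a83e0e6784c898d8e05"
+},
+{
+"path": "default/transforms.conf",
+"hash": "7d57050a65dd01efba192a5e74bbf74d9bfb54a240608ac265e57423c000b5ff"
+},
+{
+"path": "default/web.conf",
+"hash": "75f12a6541d22c27d526ab544973398ae4b6d5aa1e57e8e4b22e845e564a2e56"
+},
+{
+"path": "lookups/nix_da_update_status.csv",
+"hash": "a9a794b39377946e0dcb5f70c9c8ba6114fec1728512c9f39cfb0f3eca46159c"
+},
+{
+"path": "lookups/nix_da_version_ranges.csv",
+"hash": "992529c548d8273e073a988d089fbd5c7fa5c1ef47d51243e9da9dfb77eba6d2"
+},
+{
+"path": "lookups/nix_linux_audit_action_object_category.csv",
+"hash": "5838950fd3cade537dea91d1dcdcbd10532457fa7de07d397bfc699e56a19867"
+},
+{
+"path": "lookups/nix_linux_service_startmodes.csv",
+"hash": "dd669b358909f4d9be9d0aef9f4720e78a290e422a90ec3e3cdabe39ed9b8be2"
+},
+{
+"path": "lookups/nix_vendor_actions.csv",
+"hash": "f287b03905a705fed92dd4a1d1cf060c16b9521aba80b06494af8d5e8530fa97"
+},
+{
+"path": "metadata/default.meta",
+"hash": "6fa3057938996152cdfeddb46b20a1c079966ba87a56cf7c13c9d35f3caaf2e7"
+},
+{
+"path": "static/appIcon.png",
+"hash": "6cb62d7fd2d90e69d66c3e4fbede9692f9d650176a7a9ec06edd4026f1de580a"
+},
+{
+"path": "static/appIconAlt.png",
+"hash": "6cb62d7fd2d90e69d66c3e4fbede9692f9d650176a7a9ec06edd4026f1de580a"
+},
+{
+"path": "static/appIconAlt_2x.png",
+"hash": "d7ad6f1263583f5b280b52be4f8806b0d22a4aa6e328a0209212697b6734570c"
+},
+{
+"path": "static/appIconLg.png",
+"hash": "d7ad6f1263583f5b280b52be4f8806b0d22a4aa6e328a0209212697b6734570c"
+},
+{
+"path": "static/appIconLg_2x.png",
+"hash": "11ca7ef68587f5f1bacbbcb24b85924089724bcf02610b512f899fadac186f34"
+},
+{
+"path": "static/appIcon_2x.png",
+"hash": "d7ad6f1263583f5b280b52be4f8806b0d22a4aa6e328a0209212697b6734570c"
+}
+]
+},
+"products": [
+{
+"platform": "splunk",
+"product": "enterprise",
+"versions": [
+"9.1",
+"9.2",
+"9.3",
+"9.4"
+],
+"architectures": [
+"x86_64"
+],
+"operatingSystems": [
+"windows",
+"linux",
+"macos",
+"freebsd",
+"solaris",
+"aix"
+]
+},
+{
+"platform": "splunk",
+"product": "cloud",
+"versions": [
+"9.1",
+"9.2",
+"9.3",
+"9.4"
+],
+"architectures": [
+"x86_64"
+],
+"operatingSystems": [
+"windows",
+"linux",
+"macos",
+"freebsd",
+"solaris",
+"aix"
+]
+}
+]
+}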