Warning: This app is archived.


Splunk App for OSquery

OSquery is an operating system instrumentation framework for OS X, Linux, and FreeBSD. It enables you to gather a variety of system and monitoring information.


Latest Version 1.0
August 22, 2016
Compatibility
Not Available
Support
Not Supported
OSquery docs: http://osquery.readthedocs.io/en/stable/

Note: the instructions below assume the default directory locations for Splunk and OSquery.

Splunk App Installation: Install like a standard app in the Splunk "apps" directory on your search head(s).

Splunk Forwarder Configuration: add the following monitor stanza to the forwarder's inputs.conf so that the osqueryd results log is indexed with the sourcetype the app expects:

    [monitor:///var/log/osquery/osqueryd.results.log]
    sourcetype = osqueryd.results

The searches are built on the "osqueryd.results" sourcetype. If you would like to use a different sourcetype, the dashboards will need to be updated; making the sourcetype configurable is planned for a future release.
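The monitor stanza above only tells the forwarder which file to read; what the dashboards then search over is the content of osqueryd.results.log, which osqueryd writes as one JSON object per line. The parser below is an added example, not code from the app or from osquery, and the log lines it reads are constructed for illustration rather than captured from a real host. It handles the three shapes a results log can contain: the default differential "event" format (one row per line with an "action" of "added" or "removed"), the batched differential format (a "diffResults" object, produced when event logging is disabled), and snapshot queries (a "snapshot" array). The allow-list check at the end is a hypothetical detection, not one of the app's searches, and is there to show the kind of question a search over this data answers.

```python
import json
from collections import Counter

# Constructed sample lines in the shape of osqueryd.results.log (illustrative,
# not captured from a host). Lines 1-3: differential event format; line 4:
# batched differential format ("diffResults"); line 5: a snapshot query.
SAMPLE_LOG = r'''
{"name":"pack_incident-response_listening_ports","hostIdentifier":"web01","calendarTime":"Mon Aug 22 10:00:00 2016 UTC","unixTime":"1471860000","columns":{"pid":"1234","port":"22","protocol":"6","address":"0.0.0.0"},"action":"added"}
{"name":"pack_incident-response_listening_ports","hostIdentifier":"web01","calendarTime":"Mon Aug 22 10:00:00 2016 UTC","unixTime":"1471860000","columns":{"pid":"4321","port":"4444","protocol":"6","address":"0.0.0.0"},"action":"added"}
{"name":"pack_incident-response_listening_ports","hostIdentifier":"web01","calendarTime":"Mon Aug 22 10:00:00 2016 UTC","unixTime":"1471860000","columns":{"pid":"999","port":"8080","protocol":"6","address":"127.0.0.1"},"action":"removed"}
{"name":"users_snapshot","hostIdentifier":"web01","calendarTime":"Mon Aug 22 10:05:00 2016 UTC","unixTime":"1471860300","diffResults":{"added":[{"uid":"1001","username":"deploy"}],"removed":[]}}
{"name":"crontab_snapshot","hostIdentifier":"web01","calendarTime":"Mon Aug 22 10:10:00 2016 UTC","unixTime":"1471860600","snapshot":[{"command":"/usr/bin/backup","minute":"0"}],"action":"snapshot"}
'''


def parse_results_log(text):
    """Flatten an osqueryd results log into one event dict per result row.

    Each event carries the query name, host identifier, unixTime, the action
    ("added", "removed" or "snapshot") and the row's columns, regardless of
    which of the three log shapes the row came from.
    """
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            # A partially written last line is possible while osqueryd is
            # still flushing; skip it rather than abort the whole file.
            continue
        # unixTime is a string in older osquery releases and an int in newer
        # ones; normalise so consumers can compare it numerically.
        base = {
            "name": rec.get("name"),
            "host": rec.get("hostIdentifier"),
            "unixTime": int(rec.get("unixTime", 0)),
        }
        if "columns" in rec:
            # Differential event format: one row per line.
            events.append({**base, "action": rec.get("action"), "columns": rec["columns"]})
        elif "diffResults" in rec:
            # Batched differential format: all rows of one run in one line.
            for action in ("added", "removed"):
                for cols in rec["diffResults"].get(action, []):
                    events.append({**base, "action": action, "columns": cols})
        elif "snapshot" in rec:
            # Snapshot query: the full result set every run, no diffing.
            for cols in rec["snapshot"]:
                events.append({**base, "action": "snapshot", "columns": cols})
    return events


def action_counts(events):
    """Count events by action, the kind of breakdown a dashboard panel shows."""
    return Counter(e["action"] for e in events)


def new_listening_ports(events, allowed_ports):
    """Hypothetical detection: newly observed listening ports outside an allow list.

    Returns (host, port, pid) tuples for "added" rows of any listening_ports
    query whose port is not in allowed_ports.
    """
    hits = []
    for e in events:
        if not e["name"].endswith("listening_ports") or e["action"] != "added":
            continue
        port = int(e["columns"]["port"])
        if port not in allowed_ports:
            hits.append((e["host"], port, int(e["columns"]["pid"])))
    return hits


if __name__ == "__main__":
    evs = parse_results_log(SAMPLE_LOG)
    print(action_counts(evs))
    print(new_listening_ports(evs, allowed_ports={22}))
```

When Splunk indexes these lines with JSON field extraction enabled for the sourcetype, the nested "columns" object becomes fields such as columns.port and columns.pid, which is what a search equivalent to new_listening_ports() would filter on; the app's dashboards assume the sourcetype name osqueryd.results for exactly that reason.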

Created By

Thomas Przelomiec

Type

app

Downloads

3,836
