Warning

This app is archived. App archiving documentation

Splunk App for OSquery app icon

Splunk App for OSquery

OSquery is an operating system instrumentation framework for OS X, Linux, and FreeBSD. It enables you to gather a variety of system and monitoring information.

Built by
splunk product badge
screenshot
screenshot
screenshot
screenshot
Latest Version 1.0
August 22, 2016
Compatibility
Splunk Enterprise
Rating

5

(3)

Log in to rate this app
Support
Splunk App for OSquery support icon
Not Supported
OSquery is an operating system instrumentation framework for OS X, Linux, and FreeBSD. It enables you to gather a variety of system and monitoring information. OSquery docs: http://osquery.readthedocs.io/en/stable/ Note: I use default directory locations for Splunk and OSquery Splunk App Installation: Install like a standard app in the Splunk "apps" directory on your search head(s). Splunk Forwarder Configuration: [monitor:///var/log/osquery/osqueryd.results.log] sourcetype = osqueryd.results The searches are built off of the "osqueryd.results" sourcetype. If you'd like to use a different sourcetype the dashboards will need to be updated. Plan to update this in the future.

Categories

IT Operations, Security, Fraud & Compliance

Created By

Thomas Przelomiec

Type

app

Downloads

3,985

Licensing

End User License Agreement for Third-Party Content(Opens new window)

Splunk Answers

Ask a question about this app listing(Opens new window)

Resources

Log in to report this app listing