Skip to main content
 
 
 
Splunk Lantern

All logs and events on a *nix host

 

The log files and events collected from a Linux host provide valuable information that can be used during an investigation to facilitate answering questions about the hosts behavior, state, health, or performance. You want to be able to see all logs and event on a particular host.

Procedure

Run the following search. You can optimize it by specifying an index and adjusting the time range.

host="<name of host to check>" source="<name of source to check>" 
<optional keywords> 

Search explanation

The table provides an explanation of what each part of this search achieves. You can adjust this query based on the specifics of your environment.

Splunk Search Explanation
host="<name of host to check>" source="<name of source to check>" Enter the name of the host and source you want to examine. You can also search source=* to search all logs on the host.
<optional keywords>  Use keywords to narrow the search results if you are searching for specific, known events or logs. For instance adding start* service to the search might help uncover instances where a service was started on the host.

Next steps

Use the results to facilitate answering questions about the host's behavior, state, health, or performance.

Additionally, you might be interested in other processes associated with the Maintaining *nix systems use case.