2010-02-09T15:27:03+00:00 http://www.splunkbase.com/api/apps/entries/?type=Custom_Processing 17 10 1 2010-02-03T23:21:08+00:00 http://www.splunkbase.com/api/apps/entries/JMS+Receiver+for+Indexing ndoshi 2 ndoshi 2010-02-03T23:21:07+00:00 2010-02-03T23:21:08+00:00 Free Creative Commons http://www.splunkbase.com/apps:license/JMS+Receiver+for+Indexing 1.0 Scripted Inputs Inputs Custom Processing Clients No Data 0 1 http://www.splunkbase.com/apps/JMS+Receiver+for+Indexing http://www.splunkbase.com/apps:screenshot/original/JMS+Receiver+for+Indexing/icon.jpg 36 36 http://www.splunkbase.com/apps:screenshot/original/JMS+Receiver+for+Indexing/screenshot.jpg 170 113 http://www.splunkbase.com/apps:screenshot/scaled/JMS+Receiver+for+Indexing/screenshot.jpg 170 113 http://www.splunkbase.com/apps:screenshot/thumb/JMS+Receiver+for+Indexing/screenshot.jpg 110 73 3.0.0 4.999.999

This distribution is a working example for indexing messages that are sent to JMS Queues. Although the example heavily relies on WebLogic Server 10.3, it could be modified to work with any JMS provider. Messages are delivered to a JMS Queue and Splunk is configured to run a scripted input once to call a JMS Queue consumer. Every message the consumer receives will be sent to standard output to be indexed. Although the distribution has been built on Windows, it should be able to run on any platform supported by Splunk and the JMS provider. To begin with, gunzip and untar the distribution into SPLUNK_HOME\etc\apps and follow the instructions in the README.txt

2009-10-15T21:35:43+00:00 http://www.splunkbase.com/api/apps/entries/Encrypt+and+Decrypt+data+within+Events ndoshi 111 ndoshi nimish@splunk.com 2009-10-07T17:23:55+00:00 2009-10-15T21:35:43+00:00 Free Creative Commons http://www.splunkbase.com/apps:license/Encrypt+and+Decrypt+data+within+Events 1.0.1 Search Commands Inputs Custom Processing No Data 1 1 http://www.splunkbase.com/apps/Encrypt+and+Decrypt+data+within+Events http://www.splunkbase.com/apps:screenshot/original/Encrypt+and+Decrypt+data+within+Events/icon.jpg 36 36 0 0 0 0 0 0 3.0.0 4.999.999

The purpose of this distribution is to create an easy way to encrypt data within events and decrypt data at search time depending on the role. The distribution uses pyDes available at http://twhiteman.netfirms.com/des.html The basic idea is to first encrypt data within an event and produce a new file with the same content as before, but with the data matching group(1) in a regular expression encrypted and saved on disk using base64. The next thing to do is index the newly required file into Splunk with a sourcetype. At search time, you will then be able to decrypt the data within the event based on your role's ability to run the supplied decrypt command. Read the README.txt for installation and usage.

2009-10-15T21:10:36+00:00 http://www.splunkbase.com/api/apps/entries/Capture+HTTP+POST+or+GET+Request+Parameters ndoshi 1257 ndoshi nimish@splunk.com 2009-02-18T23:39:11+00:00 2009-10-15T21:10:36+00:00 Free Creative Commons http://www.splunkbase.com/apps:license/Capture+HTTP+POST+or+GET+Request+Parameters 1.1.1 Integration Inputs Custom Processing No Data 0 1 http://www.splunkbase.com/apps/Capture+HTTP+POST+or+GET+Request+Parameters http://www.splunkbase.com/apps:screenshot/original/Capture+HTTP+POST+or+GET+Request+Parameters/icon.jpg 36 36 0 0 0 0 0 0 3.0.0 4.999.999

This application consists of a servlet that captures the POST and/or GET parameters for any HTTP request and sends to standard output a set of <tag>=<value> terms seen as an event in Splunk. Because tag=value are the terms in the events, automatic field extraction for search and reports will occur for these terms. The purpose of this boiler plate Java Servlet is to serve as a parameter collector for HTTP POST and GET requests that can be customized for deployment. The servlet developed here was tested on Apache Tomcat 6.x, although it should work in any servlet container. To further solidify it's usage, the user may want to investigate using log4j as the framework for log collection. In the Tomcat implementation, the output is captured in a configurable log rotated file to be monitored by Splunk. *** OPTIONAL *** This version also includes a servlet that uses the log4j framework. tar -zxvf the distribution and read the README for installation notes.

2009-10-15T21:03:42+00:00 http://www.splunkbase.com/api/apps/entries/Use+Python+Mail+for+Scripted+Alerts ndoshi 393 ndoshi nimish@splunk.com 2009-03-03T20:10:07+00:00 2009-10-15T21:03:42+00:00 Free Creative Commons http://www.splunkbase.com/apps:license/Use+Python+Mail+for+Scripted+Alerts 1.0.1 Custom Processing Alerts No Data 0 1 http://www.splunkbase.com/apps/Use+Python+Mail+for+Scripted+Alerts http://www.splunkbase.com/apps:screenshot/original/Use+Python+Mail+for+Scripted+Alerts/icon.jpg 36 36 0 0 0 0 0 0 3.0.0 4.999.999

This script runs as a scripted alert in Splunk to send mail to recipients whenever the alert conditions are met. It is similar in concept to the Javamail application available on Splunkbase. It uses Python to send the message. The intent is to provide a framework to control when email should be sent. Currently, the script uses Daily, Weekday, and Weekend to control what days the email alert should be sent. With this in mind the included Python program can be modified to also include what hours of the day email should be sent. Installation: Use tar zxvf to uncompress and untar the distribution and read the README.txt.

2009-01-27T23:11:25+00:00 http://www.splunkbase.com/api/apps/entries/Sendemail+%28Custom%29 araitz 263 araitz 2009-01-27T23:11:25+00:00 2009-01-27T23:11:25+00:00 Free Creative Commons http://www.splunkbase.com/apps:license/Sendemail+%28Custom%29 1.0 Search Commands Custom Processing Alerts No Data 2 0 http://www.splunkbase.com/apps/Sendemail+%28Custom%29 0 0 0 0 0 0 0 0 3.0.0.0 3.999.999

This custom sendemail allows email attributes (e.g. to, from, body, subject) on a per-alert basis.

2009-01-24T06:30:25+00:00 http://www.splunkbase.com/api/apps/entries/Splunk+for+VMware+ESX+Management erik 11220 erik 2008-09-02T21:56:19+00:00 2009-01-24T06:30:25+00:00 Free Creative Commons http://www.splunkbase.com/apps:license/Splunk+for+VMware+ESX+Management 1.20 Scripted Inputs Event Types Custom Processing Alerts 4.0 13 1 http://www.splunkbase.com/apps/Splunk+for+VMware+ESX+Management 0 0 http://www.splunkbase.com/apps:screenshot/original/Splunk+for+VMware+ESX+Management/screenshot.jpg 135 52 http://www.splunkbase.com/apps:screenshot/scaled/Splunk+for+VMware+ESX+Management/screenshot.jpg 640 247 http://www.splunkbase.com/apps:screenshot/thumb/Splunk+for+VMware+ESX+Management/screenshot.jpg 118 45 3.0.0.0 3.999.999

Splunk indexes all IT data across every tier - the physical servers, hypervisor, VMs, and deployed applications, capturing and persisting 100% of your data in real-time. It includes inputs, indexing, searches, reports and dashboards.

2008-10-23T23:50:16+00:00 http://www.splunkbase.com/api/apps/entries/Script+for+database+inputs rcarney 3152 rcarney 2008-10-23T23:50:16+00:00 2008-10-23T23:50:16+00:00 Free Creative Commons http://www.splunkbase.com/apps:license/Script+for+database+inputs 0.1 Scripted Inputs Integration Inputs Custom Processing 3.5 4 1 http://www.splunkbase.com/apps/Script+for+database+inputs 0 0 0 0 0 0 0 0 3.0.0.0 3.999.999

This script is designed to be used as a scripted input for data contained in database tables. Plese refer to the Splunk Admin guide for more information on configuring scripted inputs. The script has been successfully used in a number of deployments, and should work with Oracle, MySQL, and sybase databases as-is. Other database types can be added by installing the appropriate perl DBD module, and editing the script to configure for the new dbtype. In this version, all of the SQL code has been abstracted from the script, and all parameters including the query are passed as commandline arguments to the script.

2008-08-13T17:07:55+00:00 http://www.splunkbase.com/api/apps/entries/Consuming+Splunk+RSS+Feeds+in+Java nimishd 77 nimishd 2008-08-13T17:07:55+00:00 2008-08-13T17:07:55+00:00 Free Creative Commons http://www.splunkbase.com/apps:license/Consuming+Splunk+RSS+Feeds+in+Java 1.0 Searches Custom Processing Alerts No Data 0 0 http://www.splunkbase.com/apps/Consuming+Splunk+RSS+Feeds+in+Java 0 0 0 0 0 0 0 0 3.0.0.0 3.999.999

This application demonstrates how to consume an RSS alert feed in Java from any saved search from Splunk. It uses Sun's RSS parser (included) to gather the feed and breaks up the fields into a Java Bean. Since the RSS Splunk Alert presents meta information about saved search, the included Link in the RSS entry is then used within the same command line application to retrieve each entry from the saved search using the Splunk provided Java SDK. It is hoped that this code will be used to better serve the Splunk Java community for: - A method to consume RSS feeds from SPlunk with Java - A way to use the feed's link to gather all entries from a saved search - A foundation to pass search entries to higher level Java applications

2008-04-26T21:28:56+00:00 http://www.splunkbase.com/api/apps/entries/Splunk+Replay Splunk 1361 Splunk 2008-04-26T21:28:55+00:00 2008-04-26T21:28:56+00:00 Free Creative Commons http://www.splunkbase.com/apps:license/Splunk+Replay 1.0 Integration Custom Processing No Data 1 1 http://www.splunkbase.com/apps/Splunk+Replay 0 0 http://www.splunkbase.com/apps:screenshot/original/Splunk+Replay/screenshot.jpg 768 576 http://www.splunkbase.com/apps:screenshot/scaled/Splunk+Replay/screenshot.jpg 640 480 http://www.splunkbase.com/apps:screenshot/thumb/Splunk+Replay/screenshot.jpg 97 73 3.0.0.0 3.999.999

Inspired by glTail.rb and Digg Lab’s Stack, Splunk Replay is a Flash-based, data visualization tool which “replays” your Splunk'd logfile activities in an animated layout. Replay generates animated barchart graphs using two extracted fields from the events it receives from Splunk. For example, if you have Splunk eat wiki data, you can plot the wiki user and wiki page they are editing, and then animate those relationships over a given time range. Events particles are emitted from rows on the y-axis and stack up in columns x-axis. When a new row value is created, a random color is assigned to it for the duration of the session. These colors are then used in stacked bars to illustrate the amount of activity for a given row value. Older values on both axis are cycled out if more room is needed for newer data. More information, and instructions for installing replay can be found on the developer's wiki: http://code.google.com/p/splunk-flash/wiki/SplunkReplay

2008-04-04T14:41:38+00:00 http://www.splunkbase.com/api/apps/entries/Splunk+Alert yantisj 1615 yantisj 2008-04-04T14:41:37+00:00 2008-04-04T14:41:38+00:00 Free Creative Commons http://www.splunkbase.com/apps:license/Splunk+Alert 1.0 Searches Event Actions Custom Processing Alerts No Data 1 1 http://www.splunkbase.com/apps/Splunk+Alert 0 0 0 0 0 0 0 0 3.0.0.0 3.999.999

Command line utility to more easily search the splunk database, log specific errors and execute commands on a match. Comes with several predefined searches for cisco networking, and is easily extended. -s search Predefined search to run, use 'list' for options -cs string Custom search string passed in with quotes -l file Log results to file, appends by default -e email_addr Email addresses comma separated -x command Execute a command on a match -t time_restrict Suppress email alerts by time of day, use 'list' for options -d days Search over this many days in the past (default: 1) -m minutes Search over this many minutes in the past -c maxnum Max number of results (default: 100) -r Reverse results, (newest to oldest) -w Raw results, do not strip off timestamps -q Quiet Output, suppress errors -v Verbose output