Splunkbase Apps2010-09-02T23:06:51+00:00http://www.splunkbase.com/api/apps/entries?&offset=0&count=10122101NetCat Shell2010-07-30T19:33:57+00:00http://www.splunkbase.com/api/apps/entries/NetCat+Shelljklemenc16jklemenc2010-07-30T19:33:56+00:002010-07-30T19:33:57+00:00FreeCreative Commonshttp://www.splunkbase.com/apps:license/NetCat+Shell1.0No Data01http://www.splunkbase.com/apps/NetCat+Shell000000003.0.04.999.999Spawn a netcat listener piped to a shell. To connect, simply launch, from another machine, nc <splunk server> 5555 in one window and nc <splunk server> 6666 in another window. Type UNIX commands in the first window and view the output in the second window. WARNING!!! WARNING!!! WARNING!!!! THIS APP IS DANGEROUS AND TO ONLY BE USED IN A CLOSED ENVIRONMENT FOR EXPERIMENTATION PURPOSES!!!! YOUR SERVER *WILL* BE COMPROMISED FROM OUTSIDERS IF YOU LEAVE NETCAT RUNNING OR OTHERWISE ACCESSIBLE BY THE INTERNET!!! YOU HAVE BEEN WARNED!!!! SIMPLY DISABLING THIS APP IN SPLUNK WILL *NOT* KILL THE LISTENERS. YOU WILL NEED TO MANUALLY KILL THE NETCAT LISTENERS FROM THE UNIX COMMAND LINE.
This app was originally created as a proof-of-concept work.TCP or UDP Sending2010-02-25T18:04:09+00:00http://www.splunkbase.com/api/apps/entries/TCP+or+UDP+Sendingndoshi436ndoshi2010-02-03T18:01:15+00:002010-02-25T18:04:09+00:00FreeCreative Commonshttp://www.splunkbase.com/apps:license/TCP+or+UDP+Sending1.0.2IntegrationInputsClientsNo Data01http://www.splunkbase.com/apps/TCP+or+UDP+Sendinghttp://www.splunkbase.com/apps:screenshot/original/TCP+or+UDP+Sending/icon.jpg3636http://www.splunkbase.com/apps:screenshot/original/TCP+or+UDP+Sending/screenshot.jpg551316http://www.splunkbase.com/apps:screenshot/scaled/TCP+or+UDP+Sending/screenshot.jpg551316http://www.splunkbase.com/apps:screenshot/thumb/TCP+or+UDP+Sending/screenshot.jpg118683.0.04.999.999This distribution shows a simple approach to sending TCP or UDP data to Splunk
using included python scripts. In addition, test programs have been provided
to test TCP or UDP connections from one machine to another without using Splunk
to make sure there are no firewalls or policies that prevent connections
or receiving of data. This would be one way to debug why a forwarder cannot
send data to a port on another machine. Gunzip and Untar the distribution into SPLUNK_HOME/etc/apps and read the README.txt for instructions.JMS Receiver for Indexing2010-02-03T23:21:08+00:00http://www.splunkbase.com/api/apps/entries/JMS+Receiver+for+Indexingndoshi86ndoshi2010-02-03T23:21:07+00:002010-02-03T23:21:08+00:00FreeCreative Commonshttp://www.splunkbase.com/apps:license/JMS+Receiver+for+Indexing1.0Scripted InputsInputsCustom ProcessingClientsNo Data01http://www.splunkbase.com/apps/JMS+Receiver+for+Indexinghttp://www.splunkbase.com/apps:screenshot/original/JMS+Receiver+for+Indexing/icon.jpg3636http://www.splunkbase.com/apps:screenshot/original/JMS+Receiver+for+Indexing/screenshot.jpg170113http://www.splunkbase.com/apps:screenshot/scaled/JMS+Receiver+for+Indexing/screenshot.jpg170113http://www.splunkbase.com/apps:screenshot/thumb/JMS+Receiver+for+Indexing/screenshot.jpg110733.0.04.999.999This distribution is a working example for indexing messages that are sent to JMS Queues.
Although the example heavily relies on WebLogic Server 10.3, it could be modified to work with
any JMS provider. Messages are delivered to a JMS Queue and Splunk is configured to run
a scripted input once to call a JMS Queue consumer. Every message the consumer receives
will be sent to standard output to be indexed. Although the distribution has been built
on Windows, it should be able to run on any platform supported by Splunk and the JMS
provider. To begin with, gunzip and untar the distribution into
SPLUNK_HOME\etc\apps and follow the instructions in the README.txtSplunk for IMAP2009-11-17T01:32:28+00:00http://www.splunkbase.com/api/apps/entries/Splunk+for+IMAPerik4067erikerik@splunk.com2007-08-19T04:54:12+00:002009-11-17T01:32:28+00:00FreeCreative Commonshttp://www.splunkbase.com/apps:license/Splunk+for+IMAP1.20SearchesScripted InputsInputs4.040http://www.splunkbase.com/apps/Splunk+for+IMAPhttp://www.splunkbase.com/apps:screenshot/original/Splunk+for+IMAP/icon.jpg4133http://www.splunkbase.com/apps:screenshot/original/Splunk+for+IMAP/screenshot.jpg12988http://www.splunkbase.com/apps:screenshot/scaled/Splunk+for+IMAP/screenshot.jpg12988http://www.splunkbase.com/apps:screenshot/thumb/Splunk+for+IMAP/screenshot.jpg107733.0.04.999.999This application will continually download mail from an imap account where it is indexed by a Splunk server. You can do cool things like see how often you get mail from someone, graph by size, time, etc.Indexing events from Multicast address2009-10-15T21:45:21+00:00http://www.splunkbase.com/api/apps/entries/Indexing+events+from+Multicast+addressndoshi238ndoshinimish@splunk.com2009-09-30T18:58:11+00:002009-10-15T21:45:21+00:00FreeCreative Commonshttp://www.splunkbase.com/apps:license/Indexing+events+from+Multicast+address1.0.1Scripted InputsIntegrationNo Data01http://www.splunkbase.com/apps/Indexing+events+from+Multicast+addresshttp://www.splunkbase.com/apps:screenshot/original/Indexing+events+from+Multicast+address/icon.jpg36360000003.0.04.999.999This app contains an example scripted input to test receiving and indexing
data that is sent to a multicast address and port.
I have simply used publicly available code to show one way to get scripted input
to listen on a multicast address and port to index mutlticast data. Generally,
it is not recommended to broadcast log files to all machines as UDP receiving
may be unreliable and flooding the network with packets that are only going to
be received by a few machines is inefficient. However, if there are
applications that need to multicast signal data and you are interested in
indexing and searching this data, the provided distribution may be useful.
Read the README.txt for configurationAudible Alerts using Nabaztag:Tag (Wifi Rabbit)2009-10-15T21:39:58+00:00http://www.splunkbase.com/api/apps/entries/Audible+Alerts+using+Nabaztag%3ATag+%28Wifi+Rabbit%29ndoshi188ndoshinimish@splunk.com2009-04-10T19:18:03+00:002009-10-15T21:39:58+00:00FreeCreative Commonshttp://www.splunkbase.com/apps:license/Audible+Alerts+using+Nabaztag%3ATag+%28Wifi+Rabbit%291.0.1IntegrationAlertsNo Data01http://www.splunkbase.com/apps/Audible+Alerts+using+Nabaztag%3ATag+%28Wifi+Rabbit%29http://www.splunkbase.com/apps:screenshot/original/Audible+Alerts+using+Nabaztag%3ATag+%28Wifi+Rabbit%29/icon.jpg36360000003.0.04.999.999This application is an example of sending audible alerts to a device using the REST API of the device. The idea is that there are times when you would want to receive alerts beyond the usual text based alerts, especially when you may be in a remote location.
This script runs as a scripted alert in Splunk to send an audible alert to
a Nabaztag:Tag (robot rabbit from http://www.violet.net/)
whenever the alert conditions are met. It uses Violet's REST API to send
the message. Currently, the script uses daily, weekday and weekend to control what days
the email alert should be sent. It also provides start and end hours when
the alert should be active.
Installation:
Use tar zxvf to uncompress and untar the distribution. Then, read the README for further instructions.
Requirements: Wireless Router and Nabaztag:TagEncrypt and Decrypt data within Events2009-10-15T21:35:43+00:00http://www.splunkbase.com/api/apps/entries/Encrypt+and+Decrypt+data+within+Eventsndoshi202ndoshinimish@splunk.com2009-10-07T17:23:55+00:002009-10-15T21:35:43+00:00FreeCreative Commonshttp://www.splunkbase.com/apps:license/Encrypt+and+Decrypt+data+within+Events1.0.1Search CommandsInputsCustom ProcessingNo Data11http://www.splunkbase.com/apps/Encrypt+and+Decrypt+data+within+Eventshttp://www.splunkbase.com/apps:screenshot/original/Encrypt+and+Decrypt+data+within+Events/icon.jpg36360000003.0.04.999.999The purpose of this distribution is to create an easy way to encrypt data
within events and decrypt data at search time depending on the role. The
distribution uses pyDes available at http://twhiteman.netfirms.com/des.html
The basic idea is to first encrypt data within an event and produce a new file
with the same content as before, but with the data matching group(1) in a
regular expression encrypted and saved on disk using base64. The next thing
to do is index the newly required file into Splunk with a sourcetype.
At search time, you will then be able to decrypt the data within the event
based on your role's ability to run the supplied decrypt command. Read the README.txt for installation and usage.RSS Scripted Input2009-10-15T21:15:05+00:00http://www.splunkbase.com/api/apps/entries/RSS+Scripted+Inputndoshi363ndoshinimish@splunk.com2009-08-13T23:40:34+00:002009-10-15T21:15:05+00:00FreeCreative Commonshttp://www.splunkbase.com/apps:license/RSS+Scripted+Input1.0.2Scripted InputsInputsFieldsNo Data01http://www.splunkbase.com/apps/RSS+Scripted+Inputhttp://www.splunkbase.com/apps:screenshot/original/RSS+Scripted+Input/icon.jpg36360000003.0.04.999.999This is a simple application to take the content of any RSS feed and index
its metadata (date, title, link, and description) into Splunk. A scripted input calls rss.sh every 600
seconds, which in turn, calls the supplied Python program, rssfeed.py to
gather the rss feeds. RSS feeds are supplied via a file passed on the command
line. A sample file, feeds.txt, is provided for testing. This program uses the
open source feedparser from www.feedparser.org for its RSS parser.
Installation:
Gunzip and un tar the distirbution into $SPLUNK_HOME/etc/apps and read the README.txtLog POST or GET Request Parameters2009-10-15T21:10:36+00:00http://www.splunkbase.com/api/apps/entries/Log+POST+or+GET+Request+Parametersndoshi1786ndoshinimish@splunk.com2009-02-18T23:39:11+00:002009-10-15T21:10:36+00:00FreeCreative Commonshttp://www.splunkbase.com/apps:license/Log+POST+or+GET+Request+Parameters1.1.1IntegrationInputsCustom ProcessingNo Data01http://www.splunkbase.com/apps/Log+POST+or+GET+Request+Parametershttp://www.splunkbase.com/apps:screenshot/original/Log+POST+or+GET+Request+Parameters/icon.jpg36360000003.0.04.999.999This application consists of a servlet that captures the POST and/or GET
parameters for any HTTP request and sends to standard output a set of
<tag>=<value> terms seen as an event in Splunk. Because tag=value are the
terms in the events, automatic field extraction for search and reports will
occur for these terms. The purpose of this boiler plate Java Servlet is to
serve as a parameter collector for HTTP POST and GET requests that can be
customized for deployment.
The servlet developed here was tested on Apache Tomcat 6.x, although it should
work in any servlet container. To further solidify it's usage, the user
may want to investigate using log4j as the framework for log collection. In
the Tomcat implementation, the output is captured in a configurable log rotated
file to be monitored by Splunk.
*** OPTIONAL ***
This version also includes a servlet that uses the log4j framework.
tar -zxvf the distribution and read the README for installation notes.Use Python Mail for Scripted Alerts2009-10-15T21:03:42+00:00http://www.splunkbase.com/api/apps/entries/Use+Python+Mail+for+Scripted+Alertsndoshi574ndoshinimish@splunk.com2009-03-03T20:10:07+00:002009-10-15T21:03:42+00:00FreeCreative Commonshttp://www.splunkbase.com/apps:license/Use+Python+Mail+for+Scripted+Alerts1.0.1Custom ProcessingAlertsNo Data01http://www.splunkbase.com/apps/Use+Python+Mail+for+Scripted+Alertshttp://www.splunkbase.com/apps:screenshot/original/Use+Python+Mail+for+Scripted+Alerts/icon.jpg36360000003.0.04.999.999This script runs as a scripted alert in Splunk to send mail to recipients
whenever the alert conditions are met. It is similar in concept to the Javamail application available on Splunkbase. It uses Python to send the message.
The intent is to provide a framework to control when email should be sent.
Currently, the script uses Daily, Weekday, and Weekend to control what days
the email alert should be sent. With this in mind the included Python program
can be modified to also include what hours of the day email should be sent.
Installation:
Use tar zxvf to uncompress and untar the distribution and read the README.txt.