Splunkbase is home to the apps and add-ons that run on top of Splunk. Browse the latest apps below, or share your own with the rest of the Splunk community. To learn more about Splunk and download a free Enterprise Trial of our software, visit Splunk.com.
Alert apps allow you to download Splunk alerts other people have created, or to share your own! Even better, an app can have more than one type of content, so you can add alerts to any app.
The Splunk PCI application offers over 57 reports, more than 91 saved searches, a dashboard, and corresponding alerts you can use to satisfy PCI requirements such as secure remote access, file integrity monitoring, secure log collection, daily log review, audit trail retention, and PCI control reporting.
Splunk indexes all IT data across every tier - the physical servers, hypervisor, VMs, and deployed applications, capturing and persisting 100% of your data in real-time. It includes inputs, indexing, searches, reports and dashboards.
Splunk for Change Management provides predefined reports and dashboards to facilitate change auditing, change detection, change reporting, change validation and incident response based on change events, change tickets and configuration files.
Splunk for *nix provides pre-built data inputs, searches, reports, alerts and dashboards for Linux and Unix management. Now you can monitor, manage and troubleshoot *nix operating systems from one place with Splunk for *nix. Included are a set of scripted inputs for collecting CPU, disk, I/O, memory, log, configuration and user data. The app makes getting started with Splunk a breeze.
This add-on helps you set up Splunk to Nagios integration.
Splunk for Windows application is a compilation of saved searches, eventtypes, inputs, and field extractions for Windows. The extractions are compatible with the Splunk Common Information Model. The application also contains an integration for Microsoft’s System Center Operations Manager.
The Splunk Network Security application offers a set of reports, saved searches, and dashboards, as well as corresponding alerts that you can use to monitor your firewalls, intrusion detection and prevention systems, as well as operating systems.
Example of using a 3rd party REST endpoint with a Splunk custom processor. Post a message to Twitter for sourcetype::access_common events containing the string "wikipedia" and add status info to the event so it gets indexed. Includes C++ source and osx-i386 binary.
This bundle, created jointly by Maverick and Stephen Sorkin, demonstrates a way to perform negative searches by indexing known patterns and catching anomalous patterns into a separate index.
This bundle extracts the common fields from a Nessus Vulnerability Scanner log file, such as the hostname, port, script id, and type.
Widget for the OS X Dashboard to list your saved searches and alerts. Double-click the uncompressed SplunkWidget to install; see the README.txt file for more info. Requires OS X Tiger (10.4.3 or later).
A modified version of sendemail.py which allows you to configure which fields are displayed in alert emails.
splunk2netcool integration for Splunk 3.0.
Splunk Parse (splunk_parse.py) is a Python script you can set as the alert action on a saved search. It reads in the fields the saved search passes along and parses the corresponding saved search log file, which is in CSV format. The parsing outputs the originating host and the full original problem. In this version the output is fed to my ticketing system, but the output action can easily be changed.
Command line utility to more easily search the Splunk database, log specific errors and execute commands on a match. Comes with several predefined searches for Cisco networking, and is easily extended.
-s search Predefined search to run; use 'list' for options
-cs string Custom search string, passed in with quotes
-l file Log results to file; appends by default
-e email_addr Email addresses, comma separated
-x command Execute a command on a match
-t time_restrict Suppress email alerts by time of day; use 'list' for options
-d days Search over this many days in the past (default: 1)
-m minutes Search over this many minutes in the past
-c maxnum Max number of results (default: 100)
-r Reverse results (newest to oldest)
-w Raw results; do not strip off timestamps
-q Quiet output; suppress errors
-v Verbose output
This application demonstrates how to consume an RSS alert feed in Java from any Splunk saved search. It uses Sun's RSS parser (included) to gather the feed and breaks the fields up into a Java Bean. Since the Splunk RSS alert presents meta information about the saved search, the Link included in each RSS entry is then used within the same command line application to retrieve each result of the saved search using the Splunk-provided Java SDK. It is hoped that this code will serve the Splunk Java community as:
- A method to consume RSS feeds from Splunk with Java
- A way to use the feed's link to gather all entries from a saved search
- A foundation to pass search entries to higher-level Java applications
Basic structure to work with syslog files coming from Fortinet Fortigate firewall appliances.
Modified version of nscreen to work with Fortinet Fortigate firewall syslog files.
This script runs as a scripted alert in Splunk to send mail to recipients whenever the alert conditions are met. It uses JavaMail to send the message. The intent is to provide a framework to control when email should be sent. Currently, the script uses Daily, Weekday, and Weekend to control on which days the email alert should be sent. With this in mind, the included Java program can be modified to also control at which hours of the day email should be sent. The included code uses a US locale, which should be changed to the country of your choice. You can also use the full power of JavaMail to send multi-part messages and attachments. Installation: use tar zxvf to uncompress and untar the file and follow the instructions in the README. You can also modify the script to run on Windows.
This custom sendemail allows email attributes (e.g. to, from, body, subject) on a per-alert basis.
Integration for Nagios 3.0.6.
This script runs as a scripted alert in Splunk to send mail to recipients whenever the alert conditions are met. It is similar in concept to the JavaMail application available on Splunkbase, but uses Python to send the message. The intent is to provide a framework to control when email should be sent. Currently, the script uses Daily, Weekday, and Weekend to control on which days the email alert should be sent. With this in mind, the included Python program can be modified to also control at which hours of the day email should be sent. Installation: use tar zxvf to uncompress and untar the distribution and read the README.txt.
Splunk for Double-Take, a collaborative platform, brings higher system availability, lower cost of maintaining availability, and simplified monitoring of business critical Microsoft Exchange and SQL Server environments. By adding the power of Splunk IT Search into the Double-Take offering, users can tap into the capabilities of real-time search, alerting, reporting and analysis, to aggressively and proactively ensure successful failover conditions through a broader view of their environment.
This application is an example of sending audible alerts to a device using the device's REST API. The idea is that there are times when you want to receive alerts beyond the usual text-based ones, especially when you may be in a remote location. This script runs as a scripted alert in Splunk to send an audible alert to a Nabaztag:Tag (robot rabbit from http://www.violet.net/) whenever the alert conditions are met. It uses Violet's REST API to send the message. Currently, the script uses daily, weekday and weekend to control on which days the alert should be sent. It also provides start and end hours between which the alert is active. Installation: use tar zxvf to uncompress and untar the distribution, then read the README for further instructions. Requirements: wireless router and Nabaztag:Tag.
This Nagios service check allows a user to define a threshold, in bytes, that raises an alarm when the Splunk daily index volume surpasses that amount.