All Alerts Applications
Want to share alerts?
Alert Applications allow you to download Splunk alerts other people have created, or to share your own! Even better, an Application can have more than one type of content, so you can add alerts to any Application.
Not a Splunk user? Download Splunk, set up your Splunk server, and then install your Applications(s) to extend your server.
- Recent
- |
- Highly Rated
- |
- Most Downloaded
Splunk for PCI
The Splunk PCI application offers over 57 reports, more than 91 saved searches, a dashboard, and corresponding alerts you can use to satisfy PCI requirements such as secure remote access, file integrity monitoring, secure log collection, daily log review, audit trail retention, and PCI control reporting.
Splunk for Change Management
Splunk for Change Management provides predefined reports and dashboards to facilitate change auditing, change detection, change reporting, change validation and incident response based on change events, change tickets and configuration files.
feorlen_twitter_alert
Example of using a 3rd party REST endpoint with a Splunk custom processor. Post a message to Twitter for sourcetype::access_common events containing the string "wikipedia" and add status info to the event so it gets indexed. Includes C++ source and osx-i386 binary.
Negative Searching Demo Bundle
This bundle, created jointly by Maverick and Stephen Sorkin, demonstrates a way to perform negative searches by indexing known patterns and catching anomalous patterns into a separate index.
Nessus Bundle
This bundle extracts the common fields from a Nessus Vulnerability Scanner log file, such as the hostname, port, script id, and type.
SplunkWidget
Widget for the OS X Dashboard to list your saved searches and alerts. Double click on the uncompressed SplunkWidget to install, see the README.txt file for more info. Requires OS X Tiger, 10.4.3+
splunk2nagios
This add-on helps you set up Splunk to Nagios integration
Alex's sendemail.py
A modified version of sendemail.py which allows you to configure which fields are displayed in alert emails.
splunk2netcool
splunk2netcool integration for splunk 3.0
Splunk Parse
Splunk Parse (splunk_parse.py) is a python script you can set as your alert action on a saved search. It reads in the fields a saved search passing along and parses the corresponding saved search log file which is in CSV format. The parsing spits out the originating host and the full original problem. In this version it's feed to my ticketing system, but the output action can be easily changed.
Splunk Alert
Command line utility to more easily search the splunk database, log specific errors and execute commands on a match. Comes with several predefined searches for cisco networking, and is easily extended. -s search Predefined search to run, use 'list' for options -cs string Custom search string passed in with quotes -l file Log results to file, appends by default -e email_addr Email addresses comma separated -x command Execute a command on a match -t time_restrict Suppress email alerts by time of day, use 'list' for options -d days Search over this many days in the past (default: 1) -m minutes Search over this many minutes in the past -c maxnum Max number of results (default: 100) -r Reverse results, (newest to oldest) -w Raw results, do not strip off timestamps -q Quiet Output, suppress errors -v Verbose output