The Archive supports a collection of apps for Splunk prior to version 4.0. Browse the menu at left to find apps or add-ons by the category of solution they provide or the Splunk function they're built for. To learn more about installing apps in Splunk 3.x, check the Adminstration Manual for your version.
This search processor enables the generation of link graphs through Splunk. Make sure you follow the instructions in the README (once installed, located in etc/apps/afterglow) to configure the application!
The Splunk assist application is to be used for troubleshooting, monitoring, and enhancing the performance of Splunk. The application contains a group of files that contains searches and configuration options that will assist in your use of Splunk.
The Splunk for UNIX application is a compilation of a dashboard, saved searches, eventtypes, and field extractions that work for various flavors of UNIX. In addition, the application also ships with a set of scripted inputs that can be used to monitor UNIX machines. Inputs like top, ps, vmstat, iptables, and netstat, are supported.
Provides saved web access reports that you can access when needed.
The Splunk PCI application offers over 57 reports, more than 91 saved searches, a dashboard, and corresponding alerts you can use to satisfy PCI requirements such as secure remote access, file integrity monitoring, secure log collection, daily log review, audit trail retention, and PCI control reporting.
This search script (nslookup.py) will perform reverse name lookup on every IP from an event at search time.
A Splunk application that provides visibility into the connectivity of Splunk forwarders to one or more indexers, the availability of Splunk forwarders and indexers, the data volumes passed by forwarders and the data volumes consumed by indexers. Displayed within a dashboard view.
Field extraction for OSSEC HIDS(http://www.ossec.net)
Splunk indexes all IT data across every tier - the physical servers, hypervisor, VMs, and deployed applications, capturing and persisting 100% of your data in real-time. It includes inputs, indexing, searches, reports and dashboards.
Splunk for Change Management provides predefined reports and dashboards to facilitate change auditing, change detection, change reporting, change validation and incident response based on change events, change tickets and configuration files.
This add-on helps you set up Splunk to Nagios integration
This script is designed to be used as a scripted input for data contained in database tables. Plese refer to the Splunk Admin guide for more information on configuring scripted inputs. The script has been successfully used in a number of deployments, and should work with Oracle, MySQL, and sybase databases as-is. Other database types can be added by installing the appropriate perl DBD module, and editing the script to configure for the new dbtype. In this version, all of the SQL code has been abstracted from the script, and all parameters including the query are passed as commandline arguments to the script.
Splunk for Windows application is a compilation of saved searches, eventtypes, inputs, and field extractions for Windows. The extractions are compatible with the Splunk Common Information Model. The application also contains an integration for Microsoft’s System Center Operations Manager.
This bundle adds new field actions for IP addresses to locate the geographic origin of a connection.
The Splunk Network Security application offers a set of reports, saved searches, and dashboards, as well as corresponding alerts that you can use to monitor your firewalls, intrusion detection and prevention systems, as well as operating systems.
Arkeia Network Backup Bundle used to index the common fields from the backup log file to make searching and reporting easier.
Cisco PIX firewall log bundle that indexes and extracts common fields, normalizing PIX firewall logs so they are Splunk-compliant and will work with other Splunk applications.
Example of using a 3rd party REST endpoint with a Splunk custom processor. Post a message to Twitter for sourcetype::access_common events containing the string "wikipedia" and add status info to the event so it gets indexed. Includes C++ source and osx-i386 binary.
This bundle, created jointly by Maverick and Stephen Sorkin, demonstrates a way to perform negative searches by indexing known patterns and catching anomalous patterns into a separate index.
This application contains field extractions and eventtypes for IPFW firewall log files.
This bundle contains field extractions and eventtypes for OpenBSD firewall events.
Gather and report on system fan speeds using ipmi
This bundle extracts the common fields from a Nessus Vulnerability Scanner log file, such as the hostname, port, script id, and type.
This app provides field extraction and event types for Netscreen firewalls. The extractions are compatible with the Splunk common information model.
Provides file classification, date extraction, and extractions for ironport data.