The Archive supports a collection of apps for Splunk prior to version 4.0. Browse the menu at left to find apps or add-ons by the category of solution they provide or the Splunk function they're built for. To learn more about installing apps in Splunk 3.x, check the Adminstration Manual for your version.
This search processor enables the generation of link graphs through Splunk. Make sure you follow the instructions in the README (once installed, located in etc/apps/afterglow) to configure the application!
Field extraction for OSSEC HIDS(http://www.ossec.net)
This script is designed to be used as a scripted input for data contained in database tables. Plese refer to the Splunk Admin guide for more information on configuring scripted inputs. The script has been successfully used in a number of deployments, and should work with Oracle, MySQL, and sybase databases as-is. Other database types can be added by installing the appropriate perl DBD module, and editing the script to configure for the new dbtype. In this version, all of the SQL code has been abstracted from the script, and all parameters including the query are passed as commandline arguments to the script.
The Splunk Network Security application offers a set of reports, saved searches, and dashboards, as well as corresponding alerts that you can use to monitor your firewalls, intrusion detection and prevention systems, as well as operating systems.
CEF or the common event format is an event interoperability standard, defining a common syntax for communication among log generating devices and applications. This is an add-on to extract the fields of CEF messages.
This bundle indexes sancp logs when sancp is patched with the sguil output patch, extracts the fields, then sends to a processor which converts the decimal IP addresses to dotted format.
This bundle performs field extractions for sonicwall TZ 170 without the UTM/IDS modules
this searchscript converts syslog priority into the appropriate severity and facility.
This application will allow you to collect data from a tcpdump standard output directly into Splunk, it will also perform the necessary field extractions based on the Common Information Model This application is compliant with the 3.3.x standard.
Splunk for Windows Firewall provides field extractions, event types, and saved searches for Windows firewall logs.
Provide IP-to-location look up support via a free GeoIP API. Please see README for non-trivial installation instructions. Latest changes (See CHANGELOG for full details): * Enhancement: Added a switch ["-nodns"|"nodns"] to disable name resolution. Usage: ....| geoip -nodns dest_ip * Enhancement: Now only real RFC/1918 IPs will have the city populated with "RFC/1918" other IPs with no resolution revert to "Unknown"
Splunk and Palo Alto Networks have developed an application which provides users with fingertip access to the wealth of information on applications, users and content that Palo Alto Networks next generation firewalls generates. The evolution of the application and threat landscape has resulted in a loss of visibility and control over applications, users and content. The loss of visibility and control exposes enterprises to business risks including network downtime, increased operational expenses, and data loss through unauthorized data transfer.
This App implements field extractions compatible with Splunk's Common Information Model and event types for Dante SOCKS Proxy logs. It's useful to complement other Apps.
This App implements field extractions compatible with Splunk's Common Information Model for SS5 SOCKS Proxy logs. It's useful to complement other Apps.