The Archive supports a collection of apps for Splunk prior to version 4.0. Browse the menu at left to find apps or add-ons by the category of solution they provide or the Splunk function they're built for. To learn more about installing apps in Splunk 3.x, check the Adminstration Manual for your version.
This search processor enables the generation of link graphs through Splunk. Make sure you follow the instructions in the README (once installed, located in etc/apps/afterglow) to configure the application!
Field extraction for OSSEC HIDS(http://www.ossec.net)
The Splunk Network Security application offers a set of reports, saved searches, and dashboards, as well as corresponding alerts that you can use to monitor your firewalls, intrusion detection and prevention systems, as well as operating systems.
This bundle indexes sancp logs when sancp is patched with the sguil output patch, extracts the fields, then sends to a processor which converts the decimal IP addresses to dotted format.
This bundle performs field extractions for sonicwall TZ 170 without the UTM/IDS modules
this searchscript converts syslog priority into the appropriate severity and facility.
This application will allow you to collect data from a tcpdump standard output directly into Splunk, it will also perform the necessary field extractions based on the Common Information Model This application is compliant with the 3.3.x standard.
Splunk for Windows Firewall provides field extractions, event types, and saved searches for Windows firewall logs.
Provide IP-to-location look up support via a free GeoIP API. Please see README for non-trivial installation instructions. Latest changes (See CHANGELOG for full details): * Enhancement: Added a switch ["-nodns"|"nodns"] to disable name resolution. Usage: ....| geoip -nodns dest_ip * Enhancement: Now only real RFC/1918 IPs will have the city populated with "RFC/1918" other IPs with no resolution revert to "Unknown"
This App implements field extractions compatible with Splunk's Common Information Model and event types for Dante SOCKS Proxy logs. It's useful to complement other Apps.
This App implements field extractions compatible with Splunk's Common Information Model for SS5 SOCKS Proxy logs. It's useful to complement other Apps.