Networking Applications

Not a Splunk user? Download Splunk, set up your Splunk server, and then install your Application(s) to extend your server.



Splunk for CISCO PIX

Cisco PIX firewall log bundle that indexes and extracts common fields, normalizing PIX firewall logs so they are Splunk-compliant and will work with other Splunk applications.

Author: Splunk Type: Searches, Reports, Fields, Event Types
Rating: Awaiting 3 votes Added: 13 months ago
Downloads: 1,390 Last Updated: 3 days ago
License: Creative Commons Price: Free

IPFW Firewall

This application contains field extractions and eventtypes for IPFW firewall log files.

Author: raffy Type: Fields
Rating: Awaiting 3 votes Added: 13 months ago
Downloads: 171 Last Updated: 20 days ago
License: Creative Commons Price: Free

OpenBSD Packet Filter

This bundle contains field extractions and eventtypes for OpenBSD firewall events.

Author: raffy Type: Fields
Rating: Awaiting 3 votes Added: 13 months ago
Downloads: 141 Last Updated: 20 days ago
License: Creative Commons Price: Free

nscreen

This bundle is for field extraction and reporting on NetScreen firewalls.

Author: jon Type: Fields, Searches
Rating: Awaiting 3 votes Added: 13 months ago
Downloads: 487 Last Updated: 6 months ago
License: Creative Commons Price: Free

Google Earth / Google Maps

This bundle adds new field actions for IP addresses to locate the geographic origin of a connection.

Author: raffy Type: Event Actions
Rating: Awaiting 3 votes Added: 13 months ago
Downloads: 425 Last Updated: 13 months ago
License: Creative Commons Price: Free

Enable SSL in Splunk

A quick and simple add-on that enables SSL for your pre-3.2 Splunk server and Web interface.

Author: deeann Type: Custom Processing
Rating: Awaiting 3 votes Added: 13 months ago
Downloads: 101 Last Updated: 11 months ago
License: Creative Commons Price: Free

getdevicetype

This search command parses a CSV file exported by network or systems device management software and matches the hostnames/IP addresses in the file to host field values in your Splunk search, returning the new field devicetype for every match. The CSV location is specified at the top of the script, and if you wish you can also alter the field matching to something other than "host" by changing the field variable in the script. The CSV must be in the format "device_name,device_type". Thus, you can type:

  login | getdevicetype | where devicetype="cisco6500"
    to get only logins on cisco6500 devices, or

  login | getdevicetype
    to get devicetype to display as a field below each event and be filterable and clickable like host and hosttag, or

  login | getdevicetype | top devicetype
    to get a report of the number of events by devicetype.

Author: araitz Type: Search Commands
Rating: Awaiting 3 votes Added: 12 months ago
Downloads: 62 Last Updated: 12 months ago
License: Creative Commons Price: Free

CheckPoint OPSEC LEA Application

This application contains an OPSEC LEA application to drop into Splunk 3.0 or later, offering a client, event types, and field extractions. It functions on Linux and on Solaris with gmake and gcc installed. The application conforms with the Splunk application standard, meaning that it uses common field names for its data.

Author: Splunk Type: Scripted Inputs, Fields, Event Types, Clients
Rating: Awaiting 3 votes Added: 11 months ago
Downloads: 231 Last Updated: 4 months ago
License: Creative Commons Price: Free

Checkpoint Event Field Extraction

Search-time parsing of the following fields: loc, time, action, orig, i/f_dir, i/f_name, has_accounting, uuid, product, src, dst, proto, rule

Author: goldburtd Type: Fields
Rating: Awaiting 3 votes Added: 11 months ago
Downloads: 89 Last Updated: 11 months ago
License: Creative Commons Price: Free

Watchguard Firebox

Field Extractions for Watchguard Firebox

Author: araitz Type: Fields
Rating: Awaiting 3 votes Added: 11 months ago
Downloads: 102 Last Updated: 11 months ago
License: Creative Commons Price: Free

Sonicwall Firewall

This bundle performs field extractions for the SonicWall TZ 170 without the UTM/IDS modules.

Author: araitz Type: Fields
Rating: Awaiting 3 votes Added: 9 months ago
Downloads: 101 Last Updated: 9 months ago
License: Creative Commons Price: Free

iptables fields, inputs, and event types

This add-on applies to iptables firewall logs, normalizing their field names so they work well with other Splunk applications.

Author: Splunk Type: Inputs, Fields, Event Types
Rating: Awaiting 3 votes Added: 8 months ago
Downloads: 266 Last Updated: 8 months ago
License: Creative Commons Price: Free

Splunk Alert

Command-line utility to more easily search the Splunk database, log specific errors and execute commands on a match. Comes with several predefined searches for Cisco networking, and is easily extended.

  -s search          Predefined search to run, use 'list' for options
  -cs string         Custom search string passed in with quotes
  -l file            Log results to file, appends by default
  -e email_addr      Email addresses, comma separated
  -x command         Execute a command on a match
  -t time_restrict   Suppress email alerts by time of day, use 'list' for options
  -d days            Search over this many days in the past (default: 1)
  -m minutes         Search over this many minutes in the past
  -c maxnum          Max number of results (default: 100)
  -r                 Reverse results (newest to oldest)
  -w                 Raw results, do not strip off timestamps
  -q                 Quiet output, suppress errors
  -v                 Verbose output

Author: yantisj Type: Searches, Event Actions, Custom Processing, Alerts
Rating: Awaiting 3 votes Added: 5 months ago
Downloads: 212 Last Updated: 5 months ago
License: Creative Commons Price: Free

Splunk for Network

This is a simple application to monitor changes to network device configurations. It runs a scripted input to request that the network device upload its configuration file to a TFTP server. The input reads /tftpboot for any files that get uploaded and indexes them through the fschange source.

Author: Splunk Type: Inputs
Rating: Awaiting 3 votes Added: 4 months ago
Downloads: 364 Last Updated: 2 days ago
License: Creative Commons Price: Free

Reverse Name Resolution Search Script (DNS)

This search script (nslookup.py) will perform reverse name lookup on every IP from an event at search time.

Author: rataide Type: Search Commands
Rating: Awaiting 3 votes Added: 3 months ago
Downloads: 214 Last Updated: 5 days ago
License: Creative Commons Price: Free