Splunkbase is home to the apps and add-ons that run on top of Splunk. Browse the latest apps below, or share your own with the rest of the Splunk community. To learn more about Splunk and download a free Enterprise Trial of our software, visit Splunk.com.
Client apps let you do just that! Make your own toolbars, integrate Splunk with your own app, or even make whole new programs that call Splunk's APIs. Or, you can download clients other people have made.
Widget for the OS X Dashboard to list your saved searches and alerts. Double-click the uncompressed SplunkWidget to install; see the README.txt file for more info. Requires OS X Tiger, 10.4.3+.
Splunk Globe uses the Poly9 FreeEarth plugin. Splunk Globe queries a Splunk instance for the most recent IP addresses, then plots them on the globe. Updates occur in near real-time.
A sample WordPress widget that runs a search via the REST API and displays the results in a widget.
This application contains an OPSEC LEA application to drop into Splunk 3.3 or later, offering a client, event types, and field extractions. This version is compiled for Solaris. The application conforms with the Splunk common information model, meaning that it uses common field names for its data.
This application provides a way to distribute applications via the Deployment Server. Currently (3.4.3) the deployment server creates a tar file (as .bundle) for each application, and stores the configuration and discards the rest of the file. This script runs as a scripted input as a one-shot at startup. The script goes through each bundle that has been distributed to the instance, checks whether a bin/ directory exists, and checks the 'checksum' against the .checksum file within the instance's etc/apps/APPNAME/ directory. If the file doesn't exist or the checksum does not equal that of the bundle, the bin/ directory is extracted to the instance's etc/apps/APPNAME/ directory.
Integration for Nagios 3.0.6.
The Splunk Monitoring application can be used to monitor your Splunk forwarding nodes from your indexing node using an nmap query script. It creates a new "splunk_monitoring" index and has a single dashboard that displays the overall number of servers that are UP or DOWN as well as the status of each individual server. To use the Splunk Monitoring application, extract the files into your $SPLUNK_HOME/etc/apps directory. The monitoring script uses nmap, so make sure it is installed on your indexing node. Edit the $SPLUNK_HOME/etc/apps/splunk_monitoring/local/tags.conf file to include a list of your servers (the actual tag doesn't matter), or edit the $SPLUNK_HOME/etc/apps/splunk_monitoring/bin/splunk_port_monitor.sh script to point the tag_file variable to a different location. You will also want to edit that file if you run Splunk on a port other than 8089 or if your nmap executable is somewhere other than /usr/bin/nmap.
This distribution shows a simple approach to sending TCP or UDP data to Splunk using the included Python scripts. In addition, test programs are provided to test TCP or UDP connections from one machine to another without using Splunk, to make sure there are no firewalls or policies that prevent connections or the receiving of data. This would be one way to debug why a forwarder cannot send data to a port on another machine. Gunzip and untar the distribution into SPLUNK_HOME/etc/apps and read the README.txt for instructions.
This distribution is a working example for indexing messages that are sent to JMS Queues. Although the example relies heavily on WebLogic Server 10.3, it could be modified to work with any JMS provider. Messages are delivered to a JMS Queue, and Splunk is configured to run a scripted input once to call a JMS Queue consumer. Every message the consumer receives is sent to standard output to be indexed. Although the distribution has been built on Windows, it should be able to run on any platform supported by Splunk and the JMS provider. To begin, gunzip and untar the distribution into SPLUNK_HOME\etc\apps and follow the instructions in the README.txt.