Technologies Custom Processing Applications
Want to tweak the way Splunk indexes particular types of data?
Custom Processor Applications allow you to change how Splunk handles particular data sources. Create your own, or download scripts created by other members of the Splunk community! Even better, since Applications can have more than one type of content, you can include other features as well!
Not a Splunk user? Download Splunk, set up your Splunk server, and then install your Applications(s) to extend your server.
- Recent
- |
- Highly Rated
- |
- Most Downloaded
Splunk for VMware ESX Management
Splunk indexes all IT data across every tier - the physical servers, hypervisor, VMs, and deployed applications, capturing and persisting 100% of your data in real-time. It includes inputs, indexing, searches, reports and dashboards.
feorlen_twitter_alert
Example of using a 3rd party REST endpoint with a Splunk custom processor. Post a message to Twitter for sourcetype::access_common events containing the string "wikipedia" and add status info to the event so it gets indexed. Includes C++ source and osx-i386 binary.
Ironport field extractions
Provides file classification, date extraction, and extractions for ironport data.
adds support for anonymizing log files at index time
anonymizes ip address as 127.0.0.1 (localhost); email addresses as user@domain.com ; social-security-numbers as 555-00-0000; password/passwd looking values as 'password' ; username/userid/login/user looking values as 'bob'.
Enable SSL in Splunk
A quick and simple add-on that enables SSL for your pre-3.2 Splunk server and Web interface.
Sancp/Sguil Add-on
This bundle indexes sancp logs when sancp is patched with the sguil output patch, extracts the fields, then sends to a processor which converts the decimal IP addresses to dotted format.
Splunk Parse
Splunk Parse (splunk_parse.py) is a python script you can set as your alert action on a saved search. It reads in the fields a saved search passing along and parses the corresponding saved search log file which is in CSV format. The parsing spits out the originating host and the full original problem. In this version it's feed to my ticketing system, but the output action can be easily changed.
Splunk Alert
Command line utility to more easily search the splunk database, log specific errors and execute commands on a match. Comes with several predefined searches for cisco networking, and is easily extended. -s search Predefined search to run, use 'list' for options -cs string Custom search string passed in with quotes -l file Log results to file, appends by default -e email_addr Email addresses comma separated -x command Execute a command on a match -t time_restrict Suppress email alerts by time of day, use 'list' for options -d days Search over this many days in the past (default: 1) -m minutes Search over this many minutes in the past -c maxnum Max number of results (default: 100) -r Reverse results, (newest to oldest) -w Raw results, do not strip off timestamps -q Quiet Output, suppress errors -v Verbose output
Splunk Replay
Inspired by glTail.rb and Digg Lab’s Stack, Splunk Replay is a Flash-based, data visualization tool which “replays” your Splunk'd logfile activities in an animated layout. Replay generates animated barchart graphs using two extracted fields from the events it receives from Splunk. For example, if you have Splunk eat wiki data, you can plot the wiki user and wiki page they are editing, and then animate those relationships over a given time range. Events particles are emitted from rows on the y-axis and stack up in columns x-axis. When a new row value is created, a random color is assigned to it for the duration of the session. These colors are then used in stacked bars to illustrate the amount of activity for a given row value. Older values on both axis are cycled out if more room is needed for newer data. More information, and instructions for installing replay can be found on the developer's wiki: http://code.google.com/p/splunk-flash/wiki/SplunkReplay