Splunkbase is home to the apps and add-ons that run on top of Splunk. Browse the latest apps below, or share your own with the rest of the Splunk community. To learn more about Splunk and download a free Enterprise Trial of our software, visit Splunk.com.
Event Action apps let you add options to the menu next to events in Splunk's search results. You can use these to launch other web-based tools to do things like looking up IP addresses or launching URLs appearing in your events. Create your own Event Action app, or download actions created by other members of the Splunk community! Even better, roll in other types of apps for a more well-rounded solution.
This search processor enables the generation of link graphs through Splunk. Make sure you follow the instructions in the README (once installed, located in etc/apps/afterglow) to configure the application!
Splunk for Change Management provides predefined reports and dashboards to facilitate change auditing, change detection, change reporting, change validation and incident response based on change events, change tickets and configuration files.
Splunk for *nix provides pre-built data inputs, searches, reports, alerts and dashboards for Linux and Unix management. Now you can monitor, manage and troubleshoot *nix operating systems from one place with Splunk for *nix. Included are a set of scripted inputs for collecting CPU, disk, I/O, memory, log, configuration and user data. The app makes getting started with Splunk a breeze.
This add-on helps you set up Splunk-to-Nagios integration.
This bundle adds new field actions for IP addresses to locate the geographic origin of a connection.
Contains the basic extractions as well as some saved searches, reports, event types, and custom dashboard modules.
splunk2netcool integration for Splunk 3.0.
Command line utility to more easily search the Splunk database, log specific errors and execute commands on a match. Comes with several predefined searches for Cisco networking, and is easily extended. Options:
  -s search          Predefined search to run, use 'list' for options
  -cs string         Custom search string passed in with quotes
  -l file            Log results to file, appends by default
  -e email_addr      Email addresses, comma separated
  -x command         Execute a command on a match
  -t time_restrict   Suppress email alerts by time of day, use 'list' for options
  -d days            Search over this many days in the past (default: 1)
  -m minutes         Search over this many minutes in the past
  -c maxnum          Max number of results (default: 100)
  -r                 Reverse results (newest to oldest)
  -w                 Raw results, do not strip off timestamps
  -q                 Quiet output, suppress errors
  -v                 Verbose output
THIS APP WILL PRODUCE SAMPLE DATA IN YOUR SPLUNK INSTANCE. IF YOU ARE LOOKING FOR THE SPLUNK FOR F5 APP, please download it here: http://www.splunkbase.com/apps/All/Security/app:Splunk+for+F5+Networks The Splunk for F5 DEMO app is a Splunk application which demonstrates the capabilities of Splunk on F5 Application Firewall data. This application will generate F5 ASM data at 7eps and load it into your Splunk instance the entire time the Splunk instance is running. YOU WILL NEED TO DISABLE THIS APP TO HALT DATA PRODUCTION. It demonstrates Splunk's capabilities by providing field extractions, reports and dashboards on the data being generated. If you're curious about Splunk but do not have data to test with, this is the application for you.
Integration for Nagios 3.0.6.
Splunk for Double-Take, a collaborative platform, brings higher system availability, lower cost of maintaining availability, and simplified monitoring of business critical Microsoft Exchange and SQL Server environments. By adding the power of Splunk IT Search into the Double-Take offering, users can tap into the capabilities of real-time search, alerting, reporting and analysis, to aggressively and proactively ensure successful failover conditions through a broader view of their environment.
Splunk for Blue Coat provides search, alerting and reporting for large-scale Blue Coat environments. Pre-defined searches, reports and dashboards for Traffic Analysis, Bandwidth Reporting, Security Investigations and User Behavior combined with the power of Splunk search gives you the visibility and intelligence you need. If you use Blue Coat for Secure Web Gateway, WAN Optimization or Application Performance Monitoring, you'll find Splunk for Blue Coat indispensable.
Splunk Enterprise Security Suite (ESS) brings the power of Splunk to security information and event management (SIEM). Compliance reporting, incident investigation, log management, security posture monitoring and event correlation are now easy to deploy, scale and maintain with Splunk's universal data collection, ad-hoc search, real-time alerting and large-scale reporting. ESS includes six security domains: Security Posture, Access Control Protection, Endpoint Protection, Network Protection, Incident Response and Audit/Data Protection. ESS uses the Splunk Common Information Model (SCIM) to integrate with other Splunk Solution Suites and external systems like service and help desks. And all of this is backed by Splunk Professional Services delivery. If you've hit the wall with your existing SIEM or are just getting started looking for an enterprise security solution, contact us and we'll show you how Splunk Enterprise Security Suite just works better.
Splunk PCI Compliance Suite covers all twelve PCI DSS requirements and all 228 sub-requirements including live controls monitoring, process workflow, checklists and reporting. Get a broader and deeper view of your compliance posture with Splunk’s universal indexing to handle any data source including complex application logs and configurations. Collect and retain all your log and configuration data even if your PCI domains are generating terabytes every day. Efficient workflows for audit-trail review and built in change monitoring eliminate the need for additional technologies and point product purchases to pass your PCI DSS audit. Eliminate unnecessary developer and IT access to production systems keeping PCI DSS exceptions to a minimum. PCI uses the Splunk Common Information Model (SCIM) to integrate with other Splunk Solution Suites and external systems. And it is backed by Splunk Professional Services delivery. Contact us and we'll show you how Splunk PCI Compliance Suite just works better.
Splunk for Windows provides pre-built data inputs, searches, reports, alerts, and dashboards for Windows server and desktop management. Now you can monitor, manage, and troubleshoot Windows operating systems from one place with Splunk for Windows. Included are a set of scripted inputs for collecting CPU, disk, I/O, memory, log, configuration, and user data. And you're really going to love the new WMI Web user interface for setting up and managing your Windows Event Logs. The app makes getting started with Splunk a breeze.
This distribution has 2 add-ons. These 2 add-ons provide 2 different ways to perform a whois. The external web sites that are used are for demonstration and the user should use their own web sites if possible. They are both used in the context of a Splunk app. A requirement is that your data contains external IP addresses that can be used for workflow actions and/or lookup commands. First extract your IP addresses from your index data. See the Splunk Docs on how to extract a field. For example, I have used ip as the name of my field. This is then used as input to the lookup and the workflow actions. Read the README.txt for further installation details.
Turn SplunkWeb into a gateway for audio entertainment. This app indexes lists of songs currently being played by radio stations. It employs the creative commons licensed REST API served by http://api.yes.com to gather information by radio station call letters. To install, gunzip/untar (tar zxvf) the distribution into $SPLUNK_HOME/etc/apps and read the README.txt. You can monitor your own radio stations. The app comes with 2 dashboards, 8 reports, and 3 drop down form searches. It has workflow actions that can be used to search for a song, artist, lyrics, and also see if the radio station has a site to listen to it live online. This release also has a dashboard panel to play your own list of Internet Radio Stations within the panel. Enjoy. Disclaimer: This app should be used for informational purposes and is delivered as is. The use or misuse of the app is not the responsibility of Splunk or the author.
'Splunk the World Cup' takes in a feed of all Twitter mentions of "#worldcup" and parses the mentions of each national team, creating a nice chart for your viewing pleasure. To see the original version, go to http://splunkd.com/worldcup/ and watch the results change with each match played.
This app uses the Twitter Search RSS service to index the top tweets served by Twitter. It comes with one dashboard and 3 saved searches. The main use for the app, besides amusement, may be to search within the top tweets for any mention of your company or product to see if it is within a top tweet. This may help in cases of finding data leakage. There is one workflow action (Show Tweet) to get to the link of the tweet based on the link field. To install, gunzip/untar (tar zxvf) the distribution and read the README.txt.