Event Types Apps

Splunkbase is home to the apps and add-ons that run on top of Splunk. Browse the latest apps below, or share your own with the rest of the Splunk community. To learn more about Splunk and download a free Enterprise Trial of our software, visit Splunk.com.

Want a bigger collection of Event Types?

Event Type apps classify events with shared punctuation and other features. You can create and share your own with the Splunk community, or download Event Type apps other people have made! Since apps can have more than one type of content, you can even combine your Event Types with other apps.

Splunk for Cisco Security

Splunk for Cisco is an application that provides a consolidated view of specific Cisco product events. The apps and their saved searches and dashboards can be used separately or together to provide a unique-to-Splunk single-pane-of-glass for host, network, and email security events.

Cisco applications covered are:
- Cisco CSA
- Cisco Email Security Appliance (formerly Ironport)
- Cisco Web Security Appliance (formerly Ironport)
- Cisco ASA (firewall and IPS logs)

This combination of log data provides:
- A correlated view of infected hosts with data loss information from WSA/ESA
- The ability to follow the connection between related data across different hosts
- The ability to trace threats in real time utilizing reputation from Cisco Global Correlation IPS events

Type: App | Splunk Version: 4.1 or later | Author: will

Splunk for UNIX (Splunk 3 Compatible)

The Splunk for UNIX application is a compilation of a dashboard, saved searches, eventtypes, and field extractions that work for various flavors of UNIX. In addition, the application also ships with a set of scripted inputs that can be used to monitor UNIX machines. Inputs like top, ps, vmstat, iptables, and netstat are supported.

Type: Monitoring | Splunk Version: 3.x | Author: Splunk

Splunk for PCI for Splunk 3.x

The Splunk PCI application offers over 57 reports, more than 91 saved searches, a dashboard, and corresponding alerts you can use to satisfy PCI requirements such as secure remote access, file integrity monitoring, secure log collection, daily log review, audit trail retention, and PCI control reporting.

Type: PCI | Splunk Version: 3.x | Author: Splunk

Splunk for OSSEC

Field extraction for OSSEC HIDS (http://www.ossec.net)

Type: Network Security | Splunk Version: 3.x | Author: elazar

Splunk for VMware ESX Management

Splunk indexes all IT data across every tier - the physical servers, hypervisor, VMs, and deployed applications - capturing and persisting 100% of your data in real time. It includes inputs, indexing, searches, reports and dashboards.

Type: VMWare ESX Server | Splunk Version: 3.x | Author: erik

Splunk for Change Management

Splunk for Change Management provides predefined reports and dashboards to facilitate change auditing, change detection, change reporting, change validation and incident response based on change events, change tickets and configuration files.

Type: Change Management | Splunk Version: 3.x | Author: Splunk

Splunk for Unix and Linux

Splunk for *nix provides pre-built data inputs, searches, reports, alerts and dashboards for Linux and Unix management. Now you can monitor, manage and troubleshoot *nix operating systems from one place with Splunk for *nix. Included are a set of scripted inputs for collecting CPU, disk, I/O, memory, log, configuration and user data. The app makes getting started with Splunk a breeze.

Type: App | Splunk Version: 4.x | Author: Splunk

Cisco Firewalls

Field extractions, sample reports and dashboards for Cisco ASA, PIX and FWSM firewalls. Configuration instructions and comments can also be found here: http://answers.splunk.com/questions/3366/how-do-i-install-the-cisco-firewall-add-on

Type: Add-On | Splunk Version: 4.x | Author: will

Splunk for Windows for Splunk 3.x

The Splunk for Windows application is a compilation of saved searches, eventtypes, inputs, and field extractions for Windows. The extractions are compatible with the Splunk Common Information Model. The application also contains an integration for Microsoft's System Center Operations Manager.

Type: Windows | Splunk Version: 3.x | Author: Splunk

Splunk for OSSEC (Splunk v4 version)

This package contains parsing logic, saved searches, and dashboards for monitoring the OSSEC Host-based Intrusion Detection System via Splunk. Please read the Installation section - the app WILL NOT WORK without configuration.

Type: App | Splunk Version: 4.x | Author: southeringtonp

Splunk for Network Security

The Splunk Network Security application offers a set of reports, saved searches, and dashboards, as well as corresponding alerts that you can use to monitor your firewalls, intrusion detection and prevention systems, as well as operating systems.

Type: Network Security | Splunk Version: 3.x | Author: Splunk

Arkeia

The Arkeia Network Backup bundle indexes the common fields from the backup log file to make searching and reporting easier.

Type: Change Management | Splunk Version: 3.x | Author: maverick

Splunk for CISCO PIX

Cisco PIX firewall log bundle that indexes and extracts common fields, normalizing PIX firewall logs so they are Splunk-compliant and will work with other Splunk applications.

Type: Cisco PIX | Splunk Version: 3.x | Author: Splunk

Splunk for Netscreen

This app provides field extraction and event types for Netscreen firewalls. The extractions are compatible with the Splunk common information model.

Type: Firewalls | Splunk Version: 3.x | Author: Splunk

WebLogic Event Types

Field Extractions and Event Types that match events coming from WebLogic 9.2 and WebLogic 10.0.

Type: BEA WebLogic | Splunk Version: 3.x | Author: Splunk

twiki logs

Contains the basic extractions as well as some saved searches, reports, event types, and custom dashboard modules.

Type: Application Management | Splunk Version: 3.x | Author: nick

Netcache fields, inputs, and event types

This add-on normalizes Netcache fields so that other Splunk applications understand them.

Type: Network Appliance NetCache | Splunk Version: 3.x | Author: Splunk

Sendmail fields, inputs, and event types

This add-on applies to Sendmail logs, bringing their field names into compliance with the Splunk interface standard (see http://www.splunkbase.com/howtos/Splunk/howto:Understanding_Splunk's_interface_standards).

Type: maillog [Sendmail] | Splunk Version: 3.x | Author: Splunk

Splunk for Snort

This application applies to Snort alert logs, bringing their field names into compliance with the Splunk interface standard (see http://www.splunkbase.com/howtos/Splunk/howto:Understanding_Splunk's_interface_standards).

Type: Snort | Splunk Version: 3.x | Author: Splunk

Splunk for Snare

The Splunk for Snare application offers eventtypes and field extractions for Windows events collected by Snare.

Type: Windows events via snare syslog | Splunk Version: 3.x | Author: raffy

Splunk for Citrix XenServer Management

This Splunk application manages Citrix XenServers. It includes inputs, indexing, searches, reports, dashboards and field actions.

Type: Citrix virtualization | Splunk Version: 3.x | Author: Splunk

FortinetFW

Basic structure to work with syslog files coming from Fortinet Fortigate firewall appliances.

Type: None | Splunk Version: 3.x | Author: d3

FortigateFW

Modified version of nscreen to work with Fortinet Fortigate firewall syslog files.

Type: None | Splunk Version: 3.x | Author: d3

CheckPoint OPSEC LEA Application for Solaris/SPARC

This application contains an OPSEC LEA application to drop into Splunk 3.3 or later, offering a client, event types, and field extractions. This version is compiled for Solaris. The application conforms with the Splunk common information model, meaning that it uses common field names for its data.

Type: Checkpoint FW-1/VPN-1 | Splunk Version: 3.x | Author: Splunk

CheckPoint OPSEC LEA Application for Linux

This application contains an OPSEC LEA application to drop into Splunk 3.3 or later, offering a client, event types, and field extractions. This version is compiled for Solaris. The application conforms with the Splunk common information model, meaning that it uses common field names for its data.

Type: Checkpoint FW-1/VPN-1 | Splunk Version: 3.x | Author: Splunk

What are Apps and Add-ons?

Apps give you insight into your IT systems with dashboards, reports, data inputs and saved searches that work in your environment from the moment they are installed. Save time and money with free plug-and-play solutions built by Splunk, our partners and users.

Add-ons let you tackle specific data problems directly. Built by Splunk partners and power users from the Splunk community, add-ons are smaller, reusable components that can change the look and feel of Splunk, add data sources or share information between users.

How Do I Get Them?

You can browse and install apps from the menu at left or through the App Launcher within your Splunk installation. Visit the Administration Manual to learn more about installing apps or add-ons.

Most Splunk apps and add-ons are completely free and work with both the Free and Enterprise versions of Splunk 4.x. If you're looking for apps for older versions of Splunk, visit the Splunkbase Archive.

Build Your Own

The Splunk developer framework makes it easy to turn your Splunk work into custom apps and add-ons. Read the Developer Manual to find out how.

Come back to Splunkbase when you're ready to show your app to the world and visit the Share page to upload your app to the Splunk community.