The Archive supports a collection of apps for Splunk prior to version 4.0. Browse the menu at left to find apps or add-ons by the category of solution they provide or the Splunk function they're built for. To learn more about installing apps in Splunk 3.x, check the Administration Manual for your version.
Field apps let you download field definitions to install in your Splunk server, or share fields you made yourself! Even better, an app can have more than one type of content, so you can add fields to any app.
The Splunk for UNIX application is a compilation of a dashboard, saved searches, eventtypes, and field extractions that work for various flavors of UNIX. In addition, the application also ships with a set of scripted inputs that can be used to monitor UNIX machines. Inputs like top, ps, vmstat, iptables, and netstat, are supported.
Field extraction for OSSEC HIDS (http://www.ossec.net).
The Splunk for Windows application is a compilation of saved searches, eventtypes, inputs, and field extractions for Windows. The extractions are compatible with the Splunk Common Information Model. The application also contains an integration for Microsoft’s System Center Operations Manager.
Arkeia Network Backup bundle that indexes the common fields from the backup log file to make searching and reporting easier.
Cisco PIX firewall log bundle that indexes and extracts common fields, normalizing PIX firewall logs so they are Splunk-compliant and will work with other Splunk applications.
This application contains field extractions and eventtypes for IPFW firewall log files.
This bundle contains field extractions and eventtypes for OpenBSD firewall events.
This bundle extracts the common fields from a Nessus Vulnerability Scanner log file, such as the hostname, port, script id, and type.
This app provides field extraction and event types for NetScreen firewalls. The extractions are compatible with the Splunk Common Information Model.
Provides file classification, date extraction, and extractions for IronPort data.
Anonymizes IP addresses as 127.0.0.1 (localhost); email addresses as user@domain.com; Social Security numbers as 555-00-0000; values that look like passwords (password/passwd) as 'password'; and values that look like usernames (username/userid/login/user) as 'bob'.
Extracts Snort 2.6 fields, which can be used in reporting.
Want to put your Nmap output into Splunk? Check out this add-on, which will parse your grepable Nmap output into a scripted input and then perform some field extraction on the data.
Field Extractions and Event Types that match events coming from WebLogic 9.2 and WebLogic 10.0.
Bundle for monitoring battery usage on an OS X-based laptop.
Search-time parsing of the following fields: loc, time, action, orig, i/f_dir, i/f_name, has_accounting, uuid, product, src, dst, proto, rule.
Field Extractions for Watchguard Firebox
Field Extractions for WebLogic HTTP Access Logs
This Add-on extracts fields related to useful troubleshooting and configuration from the Postfix main.cf configuration file.
Contains the basic extractions as well as some saved searches, reports, event types, and custom dashboard modules.
This bundle contains field extractions for the Bladelogic agent and nsh log files. Some sample reports are also included.
This bundle performs field extractions for the SonicWALL TZ 170 without the UTM/IDS modules.
This add-on applies to Microsoft Exchange event tracking logs, bringing their field names into compliance with the Splunk interface standard (see http://www.splunkbase.com/howtos/Splunk/howto:Understanding_Splunk's_interface_standards).
This add-on normalizes NetCache fields so that other Splunk applications understand them.
This add-on applies to Sendmail logs, bringing their field names into compliance with the Splunk interface standard (see http://www.splunkbase.com/howtos/Splunk/howto:Understanding_Splunk's_interface_standards).