The Archive supports a collection of apps for Splunk prior to version 4.0. Browse the menu at left to find apps or add-ons by the category of solution they provide or the Splunk function they're built for. To learn more about installing apps in Splunk 3.x, check the Administration Manual for your version.
Field apps let you download field definitions to install in your Splunk server, or share fields you made yourself! Even better, an app can have more than one type of content, so you can add fields to any app.
Field extraction for OSSEC HIDS (http://www.ossec.net).
This bundle extracts the common fields from a Nessus Vulnerability Scanner log file, such as the hostname, port, script id, and type.
Anonymizes IP addresses as 127.0.0.1 (localhost); email addresses as user@domain.com; Social Security numbers as 555-00-0000; password/passwd-looking values as 'password'; username/userid/login/user-looking values as 'bob'.
Extracts Snort 2.6 fields which can be used in reporting.
Want to put your Nmap output into Splunk? Check out this add-on, which will parse your grepable Nmap output into a scripted input and then perform some field extraction on the data.
This add-on normalizes Netcache fields so that other Splunk applications understand them.
This application applies to Snort alert logs, bringing their field names into compliance with the Splunk interface standard (see http://www.splunkbase.com/howtos/Splunk/howto:Understanding_Splunk's_interface_standards).
The Splunk for Snare application offers eventtypes and field extractions for Snare collecting Windows events.
== Squid Application ==
This application will provide additional field extractions for Squid Proxy Server access_log files.

== Using Squid Application ==
At search time the following additional fields will be available:
- duration
- clientip
- action
- http_status
- bytes
- method
- uri
- proto
- uri_host
- uri_port
- uri_path
- username
- hierarchy
- server_ip
- content_type

=== CHANGELOG ===
1.2 -> 1.3: Added SHOULD_LINEMERGE to props.conf to address reported issue
This App implements field extractions compatible with Splunk's Common Information Model and event types for Dante SOCKS Proxy logs. It's useful to complement other Apps.
This App implements field extractions compatible with Splunk's Common Information Model for SS5 SOCKS Proxy logs. It's useful to complement other Apps.