The Archive supports a collection of apps for Splunk prior to version 4.0. Browse the menu at left to find apps or add-ons by the category of solution they provide or the Splunk function they're built for. To learn more about installing apps in Splunk 3.x, check the Adminstration Manual for your version.
Input apps let you download pre-made definitions for bringing even more data into your Splunk server. Or, you can share your own! Along with those definitions, since apps allow you to include more than one type of content, you can roll together a complete solution for a particular situation or program.
The Splunk for UNIX application is a compilation of a dashboard, saved searches, eventtypes, and field extractions that work for various flavors of UNIX. In addition, the application also ships with a set of scripted inputs that can be used to monitor UNIX machines. Inputs like top, ps, vmstat, iptables, and netstat, are supported.
This script is designed to be used as a scripted input for data contained in database tables. Plese refer to the Splunk Admin guide for more information on configuring scripted inputs. The script has been successfully used in a number of deployments, and should work with Oracle, MySQL, and sybase databases as-is. Other database types can be added by installing the appropriate perl DBD module, and editing the script to configure for the new dbtype. In this version, all of the SQL code has been abstracted from the script, and all parameters including the query are passed as commandline arguments to the script.
Splunk for Windows application is a compilation of saved searches, eventtypes, inputs, and field extractions for Windows. The extractions are compatible with the Splunk Common Information Model. The application also contains an integration for Microsoft’s System Center Operations Manager.
Gather and report on system fan speeds using ipmi
Help Splunk to index the output of last (from /var/log/wtmp), even though it's in a binary format.
This bundle outputs this text : === START OF INFORMATION SECTION === Model Family= Seagate Momentus 7200.1 series Device Model= ST910021AS Serial Number= 3MH0498W Firmware Version= 3.07 User Capacity= 100,030,242,816 bytes Device is= In smartctl database [for details use: -P show] ATA Version is= 7 ATA Standard is= Exact ATA specification draft version not indicated Local Time is= Mon Aug 20 00:38:18 2007 PDT SMART support is= Available - device has SMART capability. SMART support is= Enabled === START OF READ SMART DATA SECTION === SMART overall-health self-assessment test result= PASSED Which is then indexed by Splunk.
Removes packet numbers from WildPackets events.
Bundle for monitoring battery usage on an OSX based laptop.
This bundle indexes sancp logs when sancp is patched with the sguil output patch, extracts the fields, then sends to a processor which converts the decimal IP addresses to dotted format.
This add-on applies to Microsoft Exchange event tracking logs, bringing their field names into compliance with the Splunk interface standard (see http://www.splunkbase.com/howtos/Splunk/howto:Understanding_Splunk's_interface_standards).
This add-on normalizes Netcache fields so that other Splunk applications understand them.
This add-on applies to Sendmail logs, bringing their field names into compliance with the Splunk interface standard (see http://www.splunkbase.com/howtos/Splunk/howto:Understanding_Splunk's_interface_standards).
This application applies to Snort alert logs, bringing their field names into compliance with the Splunk interface standard (see http://www.splunkbase.com/howtos/Splunk/howto:Understanding_Splunk's_interface_standards).
The Splunk for Snare application offers eventtypes and field extractions for Snare collecting Windows events.
This is a simple application to monitor change on network device configurations. It runs a scripted input to request the network device upload it's configuration file to a tftp server. The input reads /tftpboot for any files that get uploaded and indexes them through the fschange source.
This Splunk application manages Citrix XenServers. It includes inputs, indexing, searches, reports, dashboards and field actions.
This application will allow you to collect data from a tcpdump standard output directly into Splunk, it will also perform the necessary field extractions based on the Common Information Model This application is compliant with the 3.3.x standard.
This application contains an OPSEC LEA application to drop into Splunk 3.3 or later, offering a client, event types, and field extractions. This version is compiled for Solaris. The application conforms with the Splunk common information model, meaning that it uses common field names for its data.
This application contains an OPSEC LEA application to drop into Splunk 3.3 or later, offering a client, event types, and field extractions. This version is compiled for Solaris. The application conforms with the Splunk common information model, meaning that it uses common field names for its data.
This application provides bi-directional integration between Splunk and an IRC Server. It logs and indexes the conversation from a channel as a scripted input and it replies to searches executed against that same Splunk server.
Splunk for Double-Take, a collaborative platform, brings higher system availability, lower cost of maintaining availability, and simplified monitoring of business critical Microsoft Exchange and SQL Server environments. By adding the power of Splunk IT Search into the Double-Take offering, users can tap into the capabilities of real-time search, alerting, reporting and analysis, to aggressively and proactively ensure successful failover conditions through a broader view of their environment.
This application provides a source type for Microsoft Office Sharepoint Services 2007 logs.