Reports Apps
Splunkbase is home to the apps and add-ons that run on top of Splunk. Browse the latest apps below, or share your own with the rest of the Splunk community. To learn more about Splunk and download a free Enterprise Trial of our software, visit Splunk.com.
Want to share reports?
Report apps allow you to download reports for use with Splunk, or share your own! Even cooler, an app can have more than one type of content, so you can add reports to any app.
Splunk Assist Application
The Splunk assist application is to be used for troubleshooting, monitoring, and enhancing the performance of Splunk. The application contains a group of files that contains searches and configuration options that will assist in your use of Splunk.
Splunk License Usage
This app provides a new dashboard which has several widgets that query to help you determine your Splunk license usage total over the past 24 hours as well as usage by host, source, and sourcetype. It contains timecharts to help you understand usage over time and see usage spikes as well as pie charts to help you to figure out which log files, sourcetypes, and hosts Splunk is indexing the most data from.
Web access reports
Provides saved web access reports that you can access when needed.
Splunk for PCI for Splunk 3.x
The Splunk PCI application offers over 57 reports, more than 91 saved searches, a dashboard, and corresponding alerts you can use to satisfy PCI requirements such as secure remote access, file integrity monitoring, secure log collection, daily log review, audit trail retention, and PCI control reporting.
Splunk Enterprise Manager
A Splunk application that provides visibility into the connectivity of Splunk forwarders to one or more indexers, the availability of Splunk forwarders and indexers, the data volumes passed by forwarders and the data volumes consumed by indexers. Displayed within a dashboard view.
PDF Report Server (install on Linux only)
The PDF Report Server add-on enables your Linux-based Splunk instance to generate emailed reports in PDF format. IMPORTANT: it is only compatible with Intel-based Linux systems and requires the Xvfb and xauth operating system packages to be installed. See the documentation for further details. Instances of Splunk running on non-Linux OS's (Solaris, Windows, etc.) cannot run the PDF Report Server, but they can be configured to use a remote Linux-based Splunk server with this add-on installed to generate PDFs. This add-on requires an Enterprise license and will not work with a Free license. For more information, see: http://www.splunk.com/base/Documentation/4.1/Installation/ConfigurePDFprintingforSplunkWeb
Splunk for Change Management
Splunk for Change Management provides predefined reports and dashboards to facilitate change auditing, change detection, change reporting, change validation and incident response based on change events, change tickets and configuration files.
Splunk for Unix and Linux
Splunk for *nix provides pre-built data inputs, searches, reports, alerts and dashboards for Linux and Unix management. Now you can monitor, manage and troubleshoot *nix operating systems from one place with Splunk for *nix. Included are a set of scripted inputs for collecting CPU, disk, I/O, memory, log, configuration and user data. The app makes getting started with Splunk a breeze.
Cisco Firewalls
Field extractions, sample reports and dashboards for Cisco ASA, PIX and FWSM Firewalls Configuration instructions and comments can also be found here: http://answers.splunk.com/questions/3366/how-do-i-install-the-cisco-firewall-add-on
Splunk for Windows for Splunk 3.x
Splunk for Windows application is a compilation of saved searches, eventtypes, inputs, and field extractions for Windows. The extractions are compatible with the Splunk Common Information Model. The application also contains an integration for Microsoft’s System Center Operations Manager.
Splunk for Network Security
The Splunk Network Security application offers a set of reports, saved searches, and dashboards, as well as corresponding alerts that you can use to monitor your firewalls, intrusion detection and prevention systems, as well as operating systems.
Arkeia
Arkeia Network Backup Bundle used to index the common fields from the backup log file to make searching and reporting easier.
Splunk for CISCO PIX
Cisco PIX firewall log bundle that indexes and extracts common fields, normalizing PIX firewall logs so they are Splunk-compliant and will work with other Splunk applications.
Negative Searching Demo Bundle
This bundle, created jointly by Maverick and Stephen Sorkin, demonstrates a way to perform negative searches by indexing known patterns and catching anomalous patterns into a separate index.
Nessus Bundle
This bundle extracts the common fields from a Nessus Vulnerability Scanner log file, such as the hostname, port, script id, and type.
Brian's crash report log bundle
Aggregates and extracts useful information from osx crash reporter logs.
steveyz_bundle
A few useful searches leveraging the monitoring bundle data, using the multikv operator
twiki logs
Contains the basic extractions as well as some saved searches, reports, event types, and custom dashboard modules.
Bladelogic NSH and Agent Logs
This bundle contains field extractions for the Bladelogic agent and nsh log files. Some sample reports are also included.
Perl PDF Report Creator "Search Command"
Create customizable PDF reports using this perl script, which includes the Intersplunk.pm module written by Andrew Hoying. Some knowledge of Perl required to install the Perl PDF modules available via CPAN.
Splunk Globe
Splunk Globe uses the Poly9 FreeEarth plugin. Splunk Globe queries a Splunk instance for the most recent IP addresses, then plots them on the globe. Updates occur in near real-time.
Splunk for IIS W3C extended
The Splunk for IIS W3C extended application adds several saved searches which can be used for reporting and alerts. In the near future this application will also add several event types related to common IIS attacks.
Splunk for Windows Firewall
Splunk for Windows Firewall provides field extractions, event types, and saved searches for Windows firewall logs.
Splunk for F5 DEMO App With Sample Data Generation
***********THIS APP WILL PRODUCE SAMPLE DATA IN YOUR SPLUNK INSTANCE************* ****IF YOU ARE LOOKING FOR THE SPLUNK FOR F5 App please download it here: http://www.splunkbase.com/apps/All/Security/app:Splunk+for+F5+Networks ************ The Splunk for F5 DEMO app is a Splunk application which demonstrates the capabilities of Splunk on F5 Application Firewall data. This application will generate F5 ASM data at 7eps and load it into your Splunk instance the entire time the Splunk instance is running. *YOU WILL NEED TO DISABLE THIS APP TO HALT DATA PRODUCTION* It demonstrates Splunk's capabilities by providing field extractions, reports and dashboards on the data being generated. If your curious about Splunk but do not have data to test with, this is the application for you.
Splunk for use with Palo Alto Networks
Splunk and Palo Alto Networks have developed an application which provides users with fingertip access to the wealth of information on applications, users and content that Palo Alto Networks next generation firewalls generates. The evolution of the application and threat landscape has resulted in a loss of visibility and control over applications, users and content. The loss of visibility and control exposes enterprises to business risks including network downtime, increased operational expenses, and data loss through unauthorized data transfer.