Splunkbase is home to the apps and add-ons that run on top of Splunk. Browse the latest apps below, or share your own with the rest of the Splunk community. To learn more about Splunk and download a free Enterprise Trial of our software, visit Splunk.com.
Scripted Input apps can be used to feed data into Splunk that is available through APIs or shell commands. Create your own, or download scripts created by other members of the Splunk community!
Splunk for Cisco is an application that provides a consolidated view of specific Cisco product events. The apps, with their saved searches and dashboards, can be used separately or together to provide a unique-to-Splunk single pane of glass for host, network, and email security events. Cisco products covered are:
- Cisco CSA
- Cisco Email Security Appliance (formerly IronPort)
- Cisco Web Security Appliance (formerly IronPort)
- Cisco ASA (firewall and IPS logs)
This combination of log data provides:
- A correlated view of infected hosts with data loss information from WSA/ESA
- The ability to follow the connection between related data across different hosts
- The ability to trace threats in real time utilizing reputation from Cisco Global Correlation IPS events
The Splunk for UNIX application is a compilation of a dashboard, saved searches, eventtypes, and field extractions that work for various flavors of UNIX. In addition, the application also ships with a set of scripted inputs that can be used to monitor UNIX machines. Inputs like top, ps, vmstat, iptables, and netstat, are supported.
This application will continually download mail from an IMAP account so that it is indexed by a Splunk server. You can do cool things like see how often you get mail from someone, or graph by size, time, etc.
Splunk for *nix provides pre-built data inputs, searches, reports, alerts and dashboards for Linux and Unix management. Now you can monitor, manage and troubleshoot *nix operating systems from one place with Splunk for *nix. Included are a set of scripted inputs for collecting CPU, disk, I/O, memory, log, configuration and user data. The app makes getting started with Splunk a breeze.
This bundle will check a set of web pages every interval and index the result, response time, size and optionally the content and/or CRC of the page(s). It's cool to run searches that show when your pages change, take long to load, or many other things.
This script is designed to be used as a scripted input for data contained in database tables. Please refer to the Splunk Admin guide for more information on configuring scripted inputs. The script has been successfully used in a number of deployments, and should work with Oracle, MySQL, and Sybase databases as-is. Other database types can be added by installing the appropriate Perl DBD module and editing the script to configure the new dbtype. In this version, all of the SQL code has been abstracted out of the script, and all parameters, including the query, are passed as command-line arguments to the script. Note that command-line arguments are visible to other local users (for example via ps), so avoid passing database credentials that way where the driver offers an alternative.
This package contains parsing logic, saved searches, and dashboards for monitoring the OSSEC Host-based Intrusion Detection System via Splunk. Please read the Installation section - the app WILL NOT WORK without configuration.
Helps Splunk index the output of `last` (from /var/log/wtmp), even though wtmp is stored in a binary format.
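One way to get wtmp into Splunk without depending on the text format of `last` is to read the binary records directly from a scripted input. The script below is an added example, not the code of the Splunkbase app above; it assumes the glibc x86_64 layout of struct utmp (384-byte records with 32-bit tv_sec), which must be checked against <utmp.h> on any other platform, and the two sample records it parses are constructed inline.

```python
"""Read wtmp records directly and emit one key=value event per record.

Added example for a Splunk scripted input; not the Splunkbase app's code.
Assumption: glibc x86_64 struct utmp (384 bytes, little-endian). Other
platforms may differ; verify against <utmp.h> before trusting the layout.
"""
import struct
import sys
import time

# struct utmp on glibc x86_64: type, pad, pid, line[32], id[4], user[32],
# host[256], exit{termination, exit}, session, tv{sec, usec}, addr_v6[4], unused[20]
UTMP_FMT = "<hxxi32s4s32s256shhiii4i20x"
UTMP_SIZE = struct.calcsize(UTMP_FMT)  # 384 on the assumed layout

UT_TYPES = {
    0: "EMPTY", 1: "RUN_LVL", 2: "BOOT_TIME", 3: "NEW_TIME", 4: "OLD_TIME",
    5: "INIT_PROCESS", 6: "LOGIN_PROCESS", 7: "USER_PROCESS",
    8: "DEAD_PROCESS", 9: "ACCOUNTING",
}


def _cstr(raw):
    """Decode a NUL-padded C string field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")


def parse_wtmp(data):
    """Return one dict per complete record; a trailing partial record is dropped."""
    records = []
    for off in range(0, len(data) - UTMP_SIZE + 1, UTMP_SIZE):
        (ut_type, pid, line, ut_id, user, host, _term, _exit, session,
         tv_sec, tv_usec, *_addr) = struct.unpack_from(UTMP_FMT, data, off)
        records.append({
            "time": tv_sec + tv_usec / 1e6,
            "type": UT_TYPES.get(ut_type, str(ut_type)),
            "pid": pid,
            "line": _cstr(line),
            "id": _cstr(ut_id),
            "user": _cstr(user),
            "host": _cstr(host),
            "session": session,
        })
    return records


def format_event(rec):
    """Render a record as an ISO timestamp plus key="value" pairs for Splunk.

    Values are quoted and escaped: ut_host is attacker-controlled text (it is
    whatever the remote side presented), so never splice it in raw."""
    stamp = time.strftime("%Y-%m-%dT%H:%M:%S", time.gmtime(rec["time"])) + "Z"
    fields = []
    for key in ("type", "user", "line", "host", "pid", "session"):
        value = str(rec[key]).replace("\\", "\\\\").replace('"', '\\"')
        fields.append(f'{key}="{value}"')
    return stamp + " " + " ".join(fields)


def make_record(ut_type, pid, line, user, host, tv_sec):
    """Build a constructed wtmp record (used only for the sample data below)."""
    return struct.pack(UTMP_FMT, ut_type, pid, line.encode(), b"", user.encode(),
                       host.encode(), 0, 0, 0, tv_sec, 0, 0, 0, 0, 0)


# Constructed sample: a login and the matching logout an hour later.
SAMPLE_WTMP = (
    make_record(7, 4242, "pts/0", "alice", "203.0.113.5", 1700000000)
    + make_record(8, 4242, "pts/0", "", "", 1700003600)
)

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/var/log/wtmp"
    with open(path, "rb") as fh:
        for rec in parse_wtmp(fh.read()):
            print(format_event(rec))
```

Pointing inputs.conf at this script gives Splunk one event per login, logout, boot and runlevel change; the `type` field is what you filter on in searches (for example `type=USER_PROCESS host!=""` for remote logins).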
Want to put your Nmap output into Splunk? Check out this add-on, which parses your grepable Nmap output through a scripted input and then performs field extraction on the data.
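Grepable (-oG) output packs each host's ports into one tab-separated line, so a scripted input has to split it back out before Splunk can extract fields per port. The parser below is an added example rather than the add-on's own code; the scan it parses is constructed, and the field names (dest_ip, dest_port, transport) are my choice of CIM-style names, not something the add-on defines.

```python
"""Parse nmap grepable (-oG) output into one key=value event per host/port.

Added example for a Splunk scripted input; not the Splunkbase add-on's code.
The sample scan below is constructed. Field names are CIM-style by choice.
"""
import re
import sys

# A port entry is port/state/protocol/owner/service/rpc_info/version/ ; nmap
# replaces literal "/" inside the fields with "|", so splitting on "/" is safe.
PORT_FIELDS = ("dest_port", "state", "transport", "owner", "service", "rpc_info", "version")
HOST_RE = re.compile(r"^(\S+)\s*\((.*)\)$")  # "10.0.0.1 (name)" or "10.0.0.2 ()"


def _sections(line):
    """Split a grepable line into its tab-separated 'Key: value' sections."""
    out = {}
    for chunk in line.rstrip("\n").split("\t"):
        key, _, value = chunk.partition(": ")
        out[key] = value
    return out


def parse_grepable(text):
    """Return a list of event dicts: one per open/filtered port, one per Status line."""
    events = []
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # "# Nmap ..." comment lines carry no per-host data
        sec = _sections(line)
        m = HOST_RE.match(sec["Host"])
        ip, hostname = (m.group(1), m.group(2)) if m else (sec["Host"].strip(), "")
        base = {"dest_ip": ip, "dest_host": hostname}
        if "Ports" in sec:
            for entry in sec["Ports"].split(", "):
                fields = entry.split("/")
                if len(fields) < len(PORT_FIELDS):
                    continue  # malformed entry; skip rather than guess
                ev = dict(zip(PORT_FIELDS, fields))
                ev["dest_port"] = int(ev["dest_port"])
                events.append({"type": "port", **base, **ev})
        elif "Status" in sec:
            events.append({"type": "host", **base, "status": sec["Status"].lower()})
    return events


def _q(value):
    """Quote a value so Splunk's automatic key=value extraction keeps spaces intact."""
    return '"' + str(value).replace("\\", "\\\\").replace('"', '\\"') + '"'


def to_kv(event):
    """Render an event as key="value" pairs, one event per line."""
    return " ".join(f"{k}={_q(v)}" for k, v in event.items())


# Constructed sample scan (not real output from any host).
SAMPLE_SCAN = "\n".join([
    "# Nmap 7.94 scan initiated Tue Nov 14 22:13:20 2023 as: nmap -sV -oG - 10.0.0.0/30",
    "Host: 10.0.0.1 (gw.example.internal)\tStatus: Up",
    "Host: 10.0.0.1 (gw.example.internal)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1 Ubuntu 3/, "
    "443/open/tcp//http//nginx 1.18.0/\tIgnored State: closed (998)",
    "Host: 10.0.0.2 ()\tPorts: 3389/filtered/tcp//ms-wbt-server///\tIgnored State: filtered (999)",
    "# Nmap done at Tue Nov 14 22:14:01 2023 -- 4 IP addresses (2 hosts up) scanned in 41.00 seconds",
])

if __name__ == "__main__":
    # Usage: nmap -sV -oG - <targets> | python nmap_grepable.py
    for event in parse_grepable(sys.stdin.read()):
        print(to_kv(event))
```

Emitting quoted key=value pairs means no custom props.conf extraction is needed: Splunk's default search-time KV extraction yields dest_ip, dest_port, service and version directly, and a search like `type=port state=open service=ssh` then works across scans.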
This is a simple Perl script that reads messages from a POP3 account. Once a message has been read and indexed, it is deleted.
This Splunk application manages Citrix XenServers. It includes inputs, indexing, searches, reports, dashboards and field actions.
This application allows you to collect data from tcpdump's standard output directly into Splunk, and it also performs the necessary field extractions based on the Common Information Model. This application is compliant with the 3.3.x standard.
This distribution calls a weather web service hosted by www.webservicex.com with a list of cities as input and sends the results to Splunk's indexer. The code uses the Apache Axis client library to call a web service as a scripted input, retrieve weather reports for major cities, and store each response as an event in XML format. It is a demonstration of using web services as a scripted input. The work of calling the web service for each city/country pair is done in the GatherWeather.java program. To install, unzip the contents to SPLUNK_HOME/etc/apps and follow the instructions in README_WS.txt. You may provide your own list of cities to track and index. Field extractions are already included.
This distribution calls a weather web service periodically with a list of cities as input and sends the results to Splunk's indexer. The code uses the Apache Axis client library to call a web service as a scripted input, retrieve weather reports for major cities, and store each response as an event in XML format. It is a demonstration of using web services as a scripted input. You can choose your own cities to build your time-series weather data store. The work of calling the web service for each city/country pair is done in the GatherWeather.java program. To install, unzip and untar the distribution in SPLUNK_HOME/etc/apps and read the README_WS.txt file for further configuration.
This distribution calls a stock quote web service with a list of stock symbols as input and sends the results to Splunk's indexer. The code uses the Apache Axis client library to call a web service as a scripted input, retrieve quotes for the given symbols, and store each response as an event in XML format. It is a demonstration of using web services as a scripted input. The work of calling the web service for each stock symbol is done in the GatherStockQuote.java program. To install, use tar zxvf and place the stockquotes directory under SPLUNK_HOME/etc/apps/. Then read README_StockQuote.txt for further configuration. You can use this to create your own time-series data store for stock information and create reports. This ships with one field action to get detailed information on a symbol (use xmlkv to extract the symbol field).
This app will, on an interval, convert local audit logs to text while keeping track of the last time it ran so as not to index duplicates. Run this app on a server that is running BSM to capture audit logs before they roll.
This application provides a way to distribute applications via the Deployment Server. Currently (3.4.3) the deployment server creates a tar file (as .bundle) for each application, stores the configuration and discards the rest of the file. This script runs as a scripted input, as a one-shot at startup. For each bundle that has been distributed to the instance, the script checks whether a bin/ directory exists in it and compares the bundle's checksum against the .checksum file in the instance's etc/apps/APPNAME/ directory; if that file does not exist or its checksum does not match the bundle's, the bin/ directory is extracted into the instance's etc/apps/APPNAME/ directory.
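The checksum-then-extract loop described above is short to write, but the extraction step deserves care: a .bundle is a tar archive the instance did not build, and a member named `APPNAME/bin/../../../etc/...` would land outside etc/apps unless the script refuses it. The following is an added example of that loop with the path check in place, not the Splunkbase app's own script. It assumes bundles are gzip'd tarballs named `<app>.bundle` with members rooted at `<app>/`, and that `.checksum` holds the hex SHA-256 of the bundle file; the page does not say which checksum the app uses, so that choice is mine, as are the two sample bundles built by `demo()`.

```python
"""Sync bin/ from deployment-server bundles into etc/apps when the checksum changes.

Added example; not the Splunkbase app's script. Assumptions: bundles are
gzip'd tarballs named <app>.bundle whose members are rooted at <app>/, and
.checksum stores the hex SHA-256 of the bundle file (algorithm is my choice).
"""
import hashlib
import io
import pathlib
import tarfile
import tempfile


def file_sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def safe_bin_members(tar, app):
    """Select the <app>/bin/... members that are safe to write under etc/apps.

    The bundle is an archive this host did not build, so treat it as untrusted:
    refuse the whole bundle on any '..' component or absolute name (tar path
    traversal), and skip links and device nodes, which could redirect a later
    write outside the app directory."""
    prefix = f"{app}/bin/"
    selected = []
    for m in tar.getmembers():
        if m.name.startswith("/") or ".." in pathlib.PurePosixPath(m.name).parts:
            raise ValueError(f"refusing bundle: unsafe member path {m.name!r}")
        if not m.name.startswith(prefix):
            continue  # configuration is handled by the deployment server; only bin/ is synced
        if not (m.isfile() or m.isdir()):
            continue  # symlinks, hard links, devices
        selected.append(m)
    return selected


def sync_bundle(bundle_path, apps_dir):
    """Extract bin/ from <app>.bundle into apps_dir/<app>/ if .checksum is missing
    or stale. Returns True when an extraction happened."""
    bundle_path = pathlib.Path(bundle_path)
    if not bundle_path.name.endswith(".bundle"):
        raise ValueError("expected a .bundle file")
    app = bundle_path.name[: -len(".bundle")]
    app_dir = pathlib.Path(apps_dir) / app
    stamp = app_dir / ".checksum"
    digest = file_sha256(bundle_path)
    if stamp.is_file() and stamp.read_text().strip() == digest:
        return False
    with tarfile.open(bundle_path, "r:*") as tar:
        members = safe_bin_members(tar, app)  # raises before anything is written
        extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(str(apps_dir), members=members, **extra)
    app_dir.mkdir(parents=True, exist_ok=True)
    stamp.write_text(digest + "\n")  # written only after a successful extraction
    return True


def _write_bundle(path, files):
    """Build a constructed sample bundle from {member_name: bytes}."""
    with tarfile.open(path, "w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.mode = 0o755
            tar.addfile(info, io.BytesIO(data))


def demo():
    """End-to-end run on constructed bundles in a temp dir; returns the outcomes."""
    with tempfile.TemporaryDirectory() as tmp:
        deploy = pathlib.Path(tmp, "deploy")
        deploy.mkdir()
        apps = pathlib.Path(tmp, "apps")
        apps.mkdir()
        good = deploy / "myapp.bundle"
        _write_bundle(good, {
            "myapp/bin/run.sh": b"#!/bin/sh\necho hello\n",
            "myapp/default/inputs.conf": b"[script://./bin/run.sh]\ninterval = 60\n",
        })
        bad = deploy / "evilapp.bundle"
        _write_bundle(bad, {"evilapp/bin/../../../etc/cron.d/x": b"* * * * * root id\n"})
        first = sync_bundle(good, apps)
        second = sync_bundle(good, apps)
        try:
            sync_bundle(bad, apps)
            rejected = False
        except ValueError:
            rejected = True
        return {
            "first_run_extracted": first,
            "second_run_skipped": not second,
            "bin_present": (apps / "myapp" / "bin" / "run.sh").is_file(),
            "conf_not_synced": not (apps / "myapp" / "default").exists(),
            "traversal_rejected": rejected,
            "nothing_escaped": not pathlib.Path(tmp, "etc").exists()
            and not (apps / "evilapp").exists(),
        }


if __name__ == "__main__":
    print(demo())
```

Writing `.checksum` only after the extraction succeeds matters as much as the path check: if the script is killed mid-extract, the next startup sees a stale checksum and repeats the extraction instead of leaving a half-populated bin/ that it believes is current.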
This application provides bi-directional integration between Splunk and an IRC Server. It logs and indexes the conversation from a channel as a scripted input and it replies to searches executed against that same Splunk server.
Integration for Nagios 3.0.6.
A collection of Splunk scripted inputs, eventtypes, and reports for MySQL monitoring and diagnostics.
The Splunk for Solaris Zones application is similar to the system monitoring capabilities in the Splunk for UNIX app. Splunk for Zones uses zone capable options in commands like prstat and ps but also introduces the ability to grab statistics directly from running zones using zlogin.
Splunk Enterprise Security Suite (ESS) brings the power of Splunk to security information and event management (SIEM). Compliance reporting, incident investigation, log management, security posture monitoring and event correlation are now easy to deploy, scale and maintain with Splunk's universal data collection, ad-hoc search, real-time alerting and large-scale reporting. ESS includes six security domains: Security Posture, Access Control Protection, Endpoint Protection, Network Protection, Incident Response and Audit/Data Protection. ESS uses the Splunk Common Information Model (SCIM) to integrate with other Splunk Solution Suites and external systems like service and help desks. And all of this is backed by Splunk Professional Services delivery. If you've hit the wall with your existing SIEM or are just getting started looking for an enterprise security solution, contact us and we'll show you how Splunk Enterprise Security Suite just works better.
Splunk PCI Compliance Suite covers all twelve PCI DSS requirements and all 228 sub-requirements including live controls monitoring, process workflow, checklists and reporting. Get a broader and deeper view of your compliance posture with Splunk’s universal indexing to handle any data source including complex application logs and configurations. Collect and retain all your log and configuration data even if your PCI domains are generating terabytes every day. Efficient workflows for audit-trail review and built in change monitoring eliminate the need for additional technologies and point product purchases to pass your PCI DSS audit. Eliminate unnecessary developer and IT access to production systems keeping PCI DSS exceptions to a minimum. PCI uses the Splunk Common Information Model (SCIM) to integrate with other Splunk Solution Suites and external systems. And it is backed by Splunk Professional Services delivery. Contact us and we'll show you how Splunk PCI Compliance Suite just works better.
Search is the Splunk interface for searching and analyzing IT data. It allows you to index data into Splunk, add knowledge, build reports, and create alerts. Splunk 4.0 includes a brand new search and reporting interface, and pre-built useful dashboards for monitoring your Splunk installation. The Search App can be used across many areas of IT including infrastructure management, application management, security and compliance.
Splunk for Windows provides pre-built data inputs, searches, reports, alerts, and dashboards for Windows server and desktop management. You can monitor, manage, and troubleshoot Windows operating systems from one place. Included are scripted inputs for CPU, disk, I/O, memory, log, configuration, and user data, plus a web-based setup UI for indexing Windows Event Logs. The app makes getting started with Splunk a breeze.