Scripted Inputs Apps

The Archive supports a collection of apps for Splunk prior to version 4.0. Browse the menu at left to find apps or add-ons by the category of solution they provide or the Splunk function they're built for. To learn more about installing apps in Splunk 3.x, check the Administration Manual for your version.

Want to use APIs or shell commands to get data into Splunk?

Scripted Input apps can be used to feed data into Splunk that is available through APIs or shell commands. Create your own, or download scripts created by other members of the Splunk community!

Splunk for UNIX (Splunk 3 Compatible)

The Splunk for UNIX application is a compilation of a dashboard, saved searches, eventtypes, and field extractions that work for various flavors of UNIX. In addition, the application ships with a set of scripted inputs that can be used to monitor UNIX machines. Inputs like top, ps, vmstat, iptables, and netstat are supported.

Script for database inputs

This script is designed to be used as a scripted input for data contained in database tables. Please refer to the Splunk Admin guide for more information on configuring scripted inputs. The script has been successfully used in a number of deployments, and should work with Oracle, MySQL, and Sybase databases as-is. Other database types can be added by installing the appropriate Perl DBD module and editing the script to configure it for the new dbtype. In this version, all of the SQL code has been abstracted from the script, and all parameters, including the query, are passed as command-line arguments to the script.

Dee's wtmp input bundle

Help Splunk to index the output of last (from /var/log/wtmp), even though it's in a binary format.

Splunk Version: 3.x | Author: deeann

Nmap Scripted Input & Field Extraction

Want to put your Nmap output into Splunk? Check out this add-on, which will parse your grepable Nmap output into a scripted input and then perform some field extraction on the data.

Splunk Version: 3.x | Author: araitz

Splunk for Citrix XenServer Management

This Splunk application manages Citrix XenServers. It includes inputs, indexing, searches, reports, dashboards and field actions.

Splunk for tcpdump

This application lets you collect data from tcpdump standard output directly into Splunk. It also performs the necessary field extractions based on the Common Information Model. This application is compliant with the 3.3.x standard.

BSM Audit log loader

On an interval, this app converts local audit logs to text, keeping track of the last time it ran so as not to produce duplicates. Run this app on a server that is running BSM to capture audit logs before they roll.

App Deployment

This application provides a way to distribute applications via the Deployment Server. Currently (3.4.3) the deployment server creates a tar file (as .bundle) for each application, stores the configuration, and discards the rest of the file. This script runs as a scripted input as a one-shot at startup. The script goes through each bundle that has been distributed to the instance, checks whether a bin/ directory exists, and checks the 'checksum' against the .checksum file within the instance's etc/apps/APPNAME/ directory. If the file doesn't exist or the checksum does not equal that of the bundle, the bin/ directory is extracted to the instance's etc/apps/APPNAME/ directory.

Splunk Version: 3.x | Author: welbymcroberts

IRC Splunk Bot

This application provides bi-directional integration between Splunk and an IRC Server. It logs and indexes the conversation from a channel as a scripted input and it replies to searches executed against that same Splunk server.

Splunk Version: 3.x | Author: rataide