Searches Apps

Splunkbase is home to the apps and add-ons that run on top of Splunk. Browse the latest apps below, or share your own with the rest of the Splunk community. To learn more about Splunk and download a free Enterprise Trial of our software, visit Splunk.com.

Want to share searches?

Search apps allow you to download Splunk searches other people have created, or to share ones you've made! Even cooler, an app can have more than one type of content, so you can add searches to any app.

AfterGlow for Splunk 3.x

This search processor enables the generation of link graphs through Splunk. Make sure you follow the instructions in the README (once installed, located in etc/apps/afterglow) to configure the application!

Type: Security Applications | Splunk Version: 3.x | Author: raffy
More »
Screenshot

Splunk for Cisco Security

Splunk for Cisco is an application that provides a consolidated view of specific Cisco product events. The apps and their saved searches and dashboards, can be used separately or can be used together to provide a unique-to-Splunk single-pane-of-glass for host, network, and email security events.Cisco applications covered are: - Cisco CSA - Cisco Email Security Appliance (formerly Ironport) - Cisco Web Security Appliance (formerly Ironport) - Cisco ASA (firewall and IPS logs) This combination of log data provides: - A correlated view of infected hosts with data loss information from WSA/ESA - The ability to follow the connection between related data acrossdifferent hosts - The ability to trace threats in real time utilizing reputation from Cisco Global Correlation IPS events

Type: App | Splunk Version: 4.1 or later | Author: will
cisco
More »

Splunk Assist Application

The Splunk assist application is to be used for troubleshooting, monitoring, and enhancing the performance of Splunk. The application contains a group of files that contains searches and configuration options that will assist in your use of Splunk.

Type: Splunk | Splunk Version: 3.x | Author: Splunk
More »
Screenshot

Splunk License Usage

This app provides a new dashboard which has several widgets that query to help you determine your Splunk license usage total over the past 24 hours as well as usage by host, source, and sourcetype. It contains timecharts to help you understand usage over time and see usage spikes as well as pie charts to help you to figure out which log files, sourcetypes, and hosts Splunk is indexing the most data from.

Type: App | Splunk Version: 4.x | Author: joshs
license license-violation
More »

Splunk for UNIX (Splunk 3 Compatible)

The Splunk for UNIX application is a compilation of a dashboard, saved searches, eventtypes, and field extractions that work for various flavors of UNIX. In addition, the application also ships with a set of scripted inputs that can be used to monitor UNIX machines. Inputs like top, ps, vmstat, iptables, and netstat, are supported.

Type: Monitoring | Splunk Version: 3.x | Author: Splunk
More »

Web access reports

Provides saved web access reports that you can access when needed.

Type: E-commerce | Splunk Version: 3.x | Author: ssorkin
More »

Splunk for PCI for Splunk 3.x

The Splunk PCI application offers over 57 reports, more than 91 saved searches, a dashboard, and corresponding alerts you can use to satisfy PCI requirements such as secure remote access, file integrity monitoring, secure log collection, daily log review, audit trail retention, and PCI control reporting.

Type: PCI | Splunk Version: 3.x | Author: Splunk
More »

Splunk Enterprise Manager

A Splunk application that provides visibility into the connectivity of Splunk forwarders to one or more indexers, the availability of Splunk forwarders and indexers, the data volumes passed by forwarders and the data volumes consumed by indexers. Displayed within a dashboard view.

Type: Server Management | Splunk Version: 3.x | Author: 76trombones
More »
Screenshot

Splunk for IMAP

This application will continually download mail from an imap account where it is indexed by a Splunk server. You can do cool things like see how often you get mail from someone, graph by size, time, etc.

Type: App | Splunk Version: 3.x-4.x | Author: erik
email search
More »

Splunk for Change Management

Splunk for Change Management provides predefined reports and dashboards to facilitate change auditing, change detection, change reporting, change validation and incident response based on change events, change tickets and configuration files.

Type: Change Management | Splunk Version: 3.x | Author: Splunk
More »
Screenshot

Splunk for Unix and Linux

Splunk for *nix provides pre-built data inputs, searches, reports, alerts and dashboards for Linux and Unix management. Now you can monitor, manage and troubleshoot *nix operating systems from one place with Splunk for *nix. Included are a set of scripted inputs for collecting CPU, disk, I/O, memory, log, configuration and user data. The app makes getting started with Splunk a breeze.

Type: App | Splunk Version: 4.x | Author: Splunk
unix linux performance
More »

UI Examples

This app is a collection of example views created by Nick, Nate and other members of the UI development team here at Splunk. Download this app to follow along at home with the examples described in the Developer manual.

Type: Add-On | Splunk Version: 4.x | Author: emma
More »

Web Page Monitor

This bundle will check a set of webpages every interval and index the result, time, size and optionally content and or crc of page(s). It's cool to do searches to see when your pages change, take long to load, or many other cool things.

Type: None | Splunk Version: 4.x | Author: erik
More »

Cisco Firewalls

Field extractions, sample reports and dashboards for Cisco ASA, PIX and FWSM Firewalls Configuration instructions and comments can also be found here: http://answers.splunk.com/questions/3366/how-do-i-install-the-cisco-firewall-add-on

Type: Add-On | Splunk Version: 4.x | Author: will
cisco firewalls
More »

Splunk for Windows for Splunk 3.x

Splunk for Windows application is a compilation of saved searches, eventtypes, inputs, and field extractions for Windows. The extractions are compatible with the Splunk Common Information Model. The application also contains an integration for Microsoft’s System Center Operations Manager.

Type: Windows | Splunk Version: 3.x | Author: Splunk
More »

Splunk for OSSEC (Splunk v4 version)

This package contains parsing logic, saved searches, and dashboards for monitoring the OSSEC Host-based Intrusion Detection System via Splunk. Please read the Installation section - the app WILL NOT WORK without configuration.

Type: App | Splunk Version: 4.x | Author: southeringtonp
More »

Splunk for Network Security

The Splunk Network Security application offers a set of reports, saved searches, and dashboards, as well as corresponding alerts that you can use to monitor your firewalls, intrusion detection and prevention systems, as well as operating systems.

Type: Network Security | Splunk Version: 3.x | Author: Splunk
More »

Arkeia

Arkeia Network Backup Bundle used to index the common fields from the backup log file to make searching and reporting easier.

Type: Change Management | Splunk Version: 3.x | Author: maverick
More »

Splunk for CISCO PIX

Cisco PIX firewall log bundle that indexes and extracts common fields, normalizing PIX firewall logs so they are Splunk-compliant and will work with other Splunk applications.

Type: Cisco PIX | Splunk Version: 3.x | Author: Splunk
More »

Negative Searching Demo Bundle

This bundle, created jointly by Maverick and Stephen Sorkin, demonstrates a way to perform negative searches by indexing known patterns and catching anomalous patterns into a separate index.

Type: Compliance | Splunk Version: 3.x | Author: maverick
More »

Nessus Bundle

This bundle extracts the common fields from a Nessus Vulnerability Scanner log file, such as the hostname, port, script id, and type.

Type: Nessus | Splunk Version: 3.x | Author: maverick
More »

Brian's valgrind bundle

aggregates and extracts information from valgrind logs

Type: None | Splunk Version: 3.x | Author: BSplunk
More »

steveyz_bundle

A few useful searches leveraging the monitoring bundle data, using the multikv operator

Type: Linux/Unix Server Management | Splunk Version: 3.x | Author: steveyz
More »

Eggdrop IRC

A simple bundle to parse channel name, action status & msg, and user nick out of Eggdrop IRC channel logs.

Type: Business Applications | Splunk Version: 3.x | Author: amrit
More »

SplunkWidget

Widget for the OS X Dashboard to list your saved searches and alerts. Double click on the uncompressed SplunkWidget to install, see the README.txt file for more info. Requires OS X Tiger, 10.4.3+

Type: OS X | Splunk Version: 3.x | Author: andrea
More »

What are Apps and Add-ons?

Apps give you insight into your IT systems with dashboards, reports, data inputs and saved searches that work in your environment from the moment they install. Save time and money with free plug-and-play solutions built by Splunk, our partners and users.

Add-ons let you tackle specific data problems directly. Built by Splunk partners and power users from the Splunk community, add-ons are smaller, reusable components that can change the look and feel of Splunk, add data sources or share information between users.

How Do I Get Them?

You can browse and install apps from the menu at left or through the App Launcher within your Splunk installation. Visit the Administration Manual to learn more about installing apps or add-ons.

Most Splunk apps and add-ons are completely free and work with both the Free and Enterprise versions of Splunk 4.x. If you're looking for apps for older versions of Splunk, visit the Splunkbase Archive.

Build Your Own

The Splunk developer framework makes it easy to turn your Splunk work into custom apps and add-ons. Read the Developer Manual to find out how.

Come back to Splunkbase when you're ready to show your app to the world and visit the Share page to upload your app to the Splunk community.