Transactions Apps

Splunkbase is home to the apps and add-ons that run on top of Splunk. Browse the latest apps below, or share your own with the rest of the Splunk community. To learn more about Splunk and download a free Enterprise Trial of our software, visit Splunk.com.

Have a series of transactions you need to define?

Transaction apps let you download pre-defined transactions you can install in your Splunk server, or share transactions you defined yourself! Even cooler, an app can have more than one type of content, so you can add transactions to any app.


Splunk for Cisco Security

Splunk for Cisco is an application that provides a consolidated view of specific Cisco product events. The apps and their saved searches and dashboards can be used separately or together to provide a unique-to-Splunk single pane of glass for host, network, and email security events.

Cisco applications covered are:
- Cisco CSA
- Cisco Email Security Appliance (formerly Ironport)
- Cisco Web Security Appliance (formerly Ironport)
- Cisco ASA (firewall and IPS logs)

This combination of log data provides:
- A correlated view of infected hosts with data loss information from WSA/ESA
- The ability to follow the connection between related data across different hosts
- The ability to trace threats in real time utilizing reputation from Cisco Global Correlation IPS events

Type: App | Splunk Version: 4.1 or later | Author: will

Arkeia

The Arkeia Network Backup Bundle indexes the common fields from the backup log file to make searching and reporting easier.

Type: Change Management | Splunk Version: 3.x | Author: maverick

Transaction eventbreaker

When doing a CLI search for transactions, it can be hard to know the start and end points of the events. This script adds line breaks (with timestamps) between the events.

Type: Operations | Splunk Version: 3.x | Author: kbains

Splunk Enterprise Security Suite

Splunk Enterprise Security Suite (ESS) brings the power of Splunk to security information and event management (SIEM). Compliance reporting, incident investigation, log management, security posture monitoring and event correlation are now easy to deploy, scale and maintain with Splunk's universal data collection, ad-hoc search, real-time alerting and large-scale reporting. ESS includes six security domains: Security Posture, Access Control Protection, Endpoint Protection, Network Protection, Incident Response and Audit/Data Protection. ESS uses the Splunk Common Information Model (SCIM) to integrate with other Splunk Solution Suites and external systems like service and help desks. And all of this is backed by Splunk Professional Services delivery. If you've hit the wall with your existing SIEM or are just getting started looking for an enterprise security solution, contact us and we'll show you how Splunk Enterprise Security Suite just works better.

Type: Suite | Splunk Version: 4.x | Author: Splunk

Splunk PCI Compliance Suite

Splunk PCI Compliance Suite covers all twelve PCI DSS requirements and all 228 sub-requirements, including live controls monitoring, process workflow, checklists and reporting. Get a broader and deeper view of your compliance posture with Splunk’s universal indexing to handle any data source, including complex application logs and configurations. Collect and retain all your log and configuration data even if your PCI domains are generating terabytes every day. Efficient workflows for audit-trail review and built-in change monitoring eliminate the need for additional technologies and point product purchases to pass your PCI DSS audit. Eliminate unnecessary developer and IT access to production systems, keeping PCI DSS exceptions to a minimum. PCI uses the Splunk Common Information Model (SCIM) to integrate with other Splunk Solution Suites and external systems. And it is backed by Splunk Professional Services delivery. Contact us and we'll show you how Splunk PCI Compliance Suite just works better.

Type: Suite | Splunk Version: 4.x | Author: Splunk

Cisco IronPort E-mail Security Add On

Field extractions, dashboards, and a form search for the Cisco IronPort E-mail Security Appliance. Configuration instructions and comments can also be found here: http://answers.splunk.com/questions/3360/how-do-i-install-the-cisco-ironport-e-mail-add-on

Type: Add-On | Splunk Version: 4.x | Author: will

What are Apps and Add-ons?

Apps give you insight into your IT systems with dashboards, reports, data inputs and saved searches that work in your environment from the moment they install. Save time and money with free plug-and-play solutions built by Splunk, our partners and users.

Add-ons let you tackle specific data problems directly. Built by Splunk partners and power users from the Splunk community, add-ons are smaller, reusable components that can change the look and feel of Splunk, add data sources or share information between users.

How Do I Get Them?

You can browse and install apps from the menu at left or through the App Launcher within your Splunk installation. Visit the Administration Manual to learn more about installing apps or add-ons.

Most Splunk apps and add-ons are completely free and work with both the Free and Enterprise versions of Splunk 4.x. If you're looking for apps for older versions of Splunk, visit the Splunkbase Archive.

Build Your Own

The Splunk developer framework makes it easy to turn your Splunk work into custom apps and add-ons. Read the Developer Manual to find out how.

Come back to Splunkbase when you're ready to show your app to the world and visit the Share page to upload your app to the Splunk community.