http://www.splunkbase.com/feed/apps.rss/All Latest SplunkBase Applications (All types/categories) Splunk Tue, 14 Oct 2008 17:50:11 +0000 http://www.splunkbase.com/apps/All/app:Splunk+Assist+Application 16d461f792b145f5013e340ef71a503a The Splunk assist application is to be used for troubleshooting, monitoring, and enhancing the performance of Splunk. The application contains a group of files that contains searches and configuration options that will assist in your use of Splunk. d3 Tue, 14 Oct 2008 15:01:58 +0000 http://www.splunkbase.com/apps/All/app:FortigateFW 4857fea8ede68b7aec6e4ba206922ff0 Modified version of nscreen to work with Fortinet Fortigate firewall syslog files. Splunk Mon, 13 Oct 2008 16:43:21 +0000 http://www.splunkbase.com/apps/All/app:Splunk+for+Windows+Management 47060fc48e4f93e3795890aafc5c8267 Splunk for Windows is an application that integrates Microsoft’s System Center Operations Manager’s command-and-control view of a Windows infrastructure with Splunk’s IT Search. erik Fri, 10 Oct 2008 23:47:49 +0000 http://www.splunkbase.com/apps/All/app:Splunk+for+VMware+ESX+Management eaba98b4f8386d4ed8552c81028cf465 Splunk indexes all IT data across every tier - the physical servers, hypervisor, VMs, and deployed applications, capturing and persisting 100% of your data in real-time. It includes inputs, indexing, searches, reports and dashboards. Splunk Fri, 10 Oct 2008 22:42:18 +0000 http://www.splunkbase.com/apps/All/app:Splunk+for+PCI dee992af056843fe38d6ed22d52676c5 The Splunk PCI application offers over 57 reports, more than 91 saved searches, a dashboard, and corresponding alerts you can use to satisfy PCI requirements such as secure remote access, file integrity monitoring, secure log collection, daily log review, audit trail retention, and PCI control reporting. Splunk Thu, 02 Oct 2008 19:46:52 +0000 http://www.splunkbase.com/apps/All/app:Splunk+for+Change+Management 95d9940cef25692b9483d352c8ed494c Splunk for Change Management provides predefined reports and dashboards to facilitate change auditing, change detection, change reporting, change validation and incident response based on change events, change tickets and configuration files. Splunk Wed, 01 Oct 2008 22:28:16 +0000 http://www.splunkbase.com/apps/All/app:Splunk+for+Snare d1622685eb55d92d97a3d0883d347583 The Splunk for Snare application offers eventtypes and field extractions for Snare collecting Windows events. Splunk Wed, 01 Oct 2008 19:08:25 +0000 http://www.splunkbase.com/apps/All/app:Splunk+for+Network+Security 8a48676a95f0f7c3a5c567aa9f159b0e The Splunk Network Security application offers a set of reports, saved searches, and dashboards, as well as corresponding alerts that you can use to monitor your firewalls, intrusion detection and prevention systems, as well as operating systems. rataide Tue, 16 Sep 2008 19:43:30 +0000 http://www.splunkbase.com/apps/All/app:Splunk+for+tcpdump 3e648d0b4dd134ececd859d7c4ca11b3 This application will allow you to collect data from a tcpdump standard output directly into Splunk, it will also perform the necessary field extractions based on the Common Information Model This application is compliant with the 3.3.x standard. Splunk Fri, 05 Sep 2008 23:29:25 +0000 http://www.splunkbase.com/apps/All/app:Splunk+for+Network 5a25fb41ca4703988250b99417eca178 This is a simple application to monitor change on network device configurations. It runs a scripted input to request the network device upload it's configuration file to a tftp server. The input reads /tftpboot for any files that get uploaded and indexes them through the fschange source. Splunk Fri, 05 Sep 2008 23:27:48 +0000 http://www.splunkbase.com/apps/All/app:Splunk+for+Jira f590d7531f1ec3f3b8286ec84d1ee2e0 This application reads in issues for a Jira server. It uses a scripted input that accesses the Jira remote SOAP interface. Splunk Thu, 04 Sep 2008 16:51:01 +0000 http://www.splunkbase.com/apps/All/app:Splunk+for+CISCO+PIX 740e6413701ddc9ceccf7ac81e2f90c6 Cisco PIX firewall log bundle that indexes and extracts common fields, normalizing PIX firewall logs so they are Splunk-compliant and will work with other Splunk applications. rataide Tue, 02 Sep 2008 09:05:38 +0000 http://www.splunkbase.com/apps/All/app:Reverse+Name+Resolution+Search+Script+%28DNS%29 0a8b9555b05f1ff8bf155e9f628113e4 This search script (nslookup.py) will perform reverse name lookup on every IP from an event at search time. kbains Thu, 28 Aug 2008 21:13:56 +0000 http://www.splunkbase.com/apps/All/app:Tranaction+eventbreaker 028786f9edffc1c9c18c9952e4b1f18c When doing a CLI search for transactions, it can be hard to know the start and end points of the events. This script adds line breaks (with timestamps) between the events. Splunk Thu, 21 Aug 2008 18:30:59 +0000 http://www.splunkbase.com/apps/All/app:Splunk+for+UNIX 94bc942e8cd8c90bf64d566700735e5d The Splunk for UNIX application is a compilation of a dashboard, saved searches, eventtypes, and field extractions that work for various flavors of UNIX. In addition, the application also ships with a set of scripted inputs that can be used to monitor UNIX machines. Inputs like top, ps, vmstat, and netstat are supported. Splunk Wed, 20 Aug 2008 18:31:47 +0000 http://www.splunkbase.com/apps/All/app:Splunk+for+Snort c4de85d8c07f02e7aae87c5d2cf2f925 This application applies to Snort alert logs, bringing their field names into compliance with the Splunk interface standard (see http://www.splunkbase.com/howtos/Splunk/howto:Understanding_Splunk's_interface_standards). raffy Mon, 18 Aug 2008 23:24:52 +0000 http://www.splunkbase.com/apps/All/app:OpenBSD+Packet+Filter 2f14c07247b6405bdfd89eccd3029a13 This bundle contains field extractions and eventtypes for OpenBSD firewall events. raffy Mon, 18 Aug 2008 23:21:49 +0000 http://www.splunkbase.com/apps/All/app:IPFW+Firewall 916954b39e6fa95fba91c6ba82c82f95 This application contains field extractions and eventtypes for IPFW firewall log files. erik Fri, 15 Aug 2008 03:17:24 +0000 http://www.splunkbase.com/apps/All/app:Web+Page+Monitor 9f5cf71efea79575dcb8050cb6518d02 This bundle will check a set of webpages every interval and index the result, time, size and optionally content and or crc of page(s). Its cool to do searches to see when your pages change, take long to load, or many other cool things. raffy Wed, 13 Aug 2008 21:53:02 +0000 http://www.splunkbase.com/apps/All/app:AfterGlow+Graphing 4f2e1c0df533194486f4ec74e385ed66 This new search processor enables the generation of link graphs through Splunk. Make sure you follow the instructions in the README (once installed, located in etc/apps/afterglow) to configure the application! nimishd Wed, 13 Aug 2008 17:07:55 +0000 http://www.splunkbase.com/apps/All/app:Consuming+Splunk+RSS+Feeds+in+Java 7a4842c44867d34be1ca7146c4cc6594 This application demonstrates how to consume an RSS alert feed in Java from any saved search from Splunk. It uses Sun's RSS parser (included) to gather the feed and breaks up the fields into a Java Bean. Since the RSS Splunk Alert presents meta information about saved search, the included Link in the RSS entry is then used within the same command line application to retrieve each entry from the saved search using the Splunk provided Java SDK. It is hoped that this code will be used to better serve the Splunk Java community for: - A method to consume RSS feeds from SPlunk with Java - A way to use the feed's link to gather all entries from a saved search - A foundation to pass search entries to higher level Java applications Splunk Tue, 12 Aug 2008 23:10:56 +0000 http://www.splunkbase.com/apps/All/app:splunk2nagios 45e012497f119c83d7e2a4e3e58c5fc7 This add-on helps you set up Splunk to Nagios integration erik Thu, 07 Aug 2008 20:58:07 +0000 http://www.splunkbase.com/apps/All/app:Splunk+for+IMAP faf88f0ebec2f68db41a4f2aea2a7181 This application will continually download mail from an imap account where it is indexed by a splunk server. You can do cool things like see how often you get mail from someone, graph by size, time, etc. andrea Thu, 31 Jul 2008 19:33:18 +0000 http://www.splunkbase.com/apps/All/app:WordPress+Splunk+Demo+Widget 2e61cfc4c0ce465c60ef5cd7958ce740 A sample WordPress widget to do a search via the REST API and display the results in a Widget rataide Thu, 10 Jul 2008 18:58:23 +0000 http://www.splunkbase.com/apps/All/app:Squid+Web+Proxy 28b667bd334e8ba8a3d4e9759d5b1d12 == Squid Application == This application will provide additional field extractions for Squid Proxy Server access_log files == Using Squid Application == At search time the following additional fields will be available: - duration - clientip - action - http_status - bytes - method - uri - proto - uri_host - uri_port - uri_path - username - hierarchy - server_ip - content_type joshs Mon, 23 Jun 2008 15:55:31 +0000 http://www.splunkbase.com/apps/All/app:Splunk+License+Usage 42617110e606da673fcdc71fe2b896e5 This bundle provides a new dashboard which has several widgets that query to help you determine your Splunk license usage total over the past 24 hours as well as usage by host, source, and sourcetype. It contains timecharts to help you understand usage over time and see usage spikes as well as pie charts to help you to figure out which log files, sourcetypes, and hosts Splunk is indexing the most data from. Splunk Wed, 28 May 2008 22:12:24 +0000 http://www.splunkbase.com/apps/All/app:Splunk+for+Citrix+XenServer+Management 931cc18d8db03fec361e7e2dfd2c99bd This Splunk application manages Citrix XenServers. It includes inputs, indexing, searches, reports, dashboards and field actions. kbains Tue, 27 May 2008 19:03:24 +0000 http://www.splunkbase.com/apps/All/app:Syslog+Priority+Decoder 69da00792c2bcdd67f0b5ac341aef920 this searchscript converts syslog priority into the appropriate severity and facility. Splunk Fri, 16 May 2008 23:30:02 +0000 http://www.splunkbase.com/apps/All/app:CheckPoint+OPSEC+LEA+Application 3d146d4b3b3e0cb8086f5f952a40e868 This application contains an OPSEC LEA application to drop into Splunk 3.0 or later, offering a client, event types, and field extractions. It functions on Linux and on Solaris with gmake and gcc installed. The application conforms with the Splunk application standard, meaning that it uses common field names for its data. shaggy Fri, 16 May 2008 19:01:17 +0000 http://www.splunkbase.com/apps/All/app:Solaris+10+SMF+manifest+for+Splunk+3.x cf00559ede945e50c8de8760d2feaebe This is an xml manifest file that can be imported into Solaris 10s SMF framework and used to control (start|stop|restart) the Splunk server processes. kordless Mon, 28 Apr 2008 09:04:09 +0000 http://www.splunkbase.com/apps/All/app:Splunk+Globe da984f6d31188f2ac3b28eb6522453dd Splunk Globe uses the Poly9 FreeEarth plugin. Splunk Globe queries a Splunk instance for the most recent IP addresses, then plots them on the globe. Updates occur in near real-time. Splunk Sat, 26 Apr 2008 21:28:56 +0000 http://www.splunkbase.com/apps/All/app:Splunk+Replay d63730ba49f07050b89da3eb523ec6a8 Inspired by glTail.rb and Digg Lab’s Stack, Splunk Replay is a Flash-based, data visualization tool which “replays” your Splunk'd logfile activities in an animated layout. Replay generates animated barchart graphs using two extracted fields from the events it receives from Splunk. For example, if you have Splunk eat wiki data, you can plot the wiki user and wiki page they are editing, and then animate those relationships over a given time range. Events particles are emitted from rows on the y-axis and stack up in columns x-axis. When a new row value is created, a random color is assigned to it for the duration of the session. These colors are then used in stacked bars to illustrate the amount of activity for a given row value. Older values on both axis are cycled out if more room is needed for newer data. More information, and instructions for installing replay can be found on the developer's wiki: http://code.google.com/p/splunk-flash/wiki/SplunkReplay yantisj Fri, 04 Apr 2008 14:41:38 +0000 http://www.splunkbase.com/apps/All/app:Splunk+Alert 8e2c2a15568cedc48cb46355dbdd805b Command line utility to more easily search the splunk database, log specific errors and execute commands on a match. Comes with several predefined searches for cisco networking, and is easily extended. -s search Predefined search to run, use 'list' for options -cs string Custom search string passed in with quotes -l file Log results to file, appends by default -e email_addr Email addresses comma separated -x command Execute a command on a match -t time_restrict Suppress email alerts by time of day, use 'list' for options -d days Search over this many days in the past (default: 1) -m minutes Search over this many minutes in the past -c maxnum Max number of results (default: 100) -r Reverse results, (newest to oldest) -w Raw results, do not strip off timestamps -q Quiet Output, suppress errors -v Verbose output joshs Mon, 23 Jun 2008 15:55:31 +0000 http://www.splunkbase.com/apps/All/app:Splunk+License+Usage e1f6da8085aac1bb37f5bdab331a34a7 This bundle provides a new dashboard which has several widgets that query to help you determine your Splunk license usage total over the past 24 hours as well as usage by host, source, and sourcetype. It contains timecharts to help you understand usage over time and see usage spikes as well as pie charts to help you to figure out which log files, sourcetypes, and hosts Splunk is indexing the most data from. shaggy Tue, 18 Mar 2008 22:06:36 +0000 http://www.splunkbase.com/apps/All/app:Splunk+Parse 6d1bf077e7913237de81dfbcae840b6c Splunk Parse (splunk_parse.py) is a python script you can set as your alert action on a saved search. It reads in the fields a saved search passing along and parses the corresponding saved search log file which is in CSV format. The parsing spits out the originating host and the full original problem. In this version it's feed to my ticketing system, but the output action can be easily changed. araitz Fri, 14 Mar 2008 19:03:26 +0000 http://www.splunkbase.com/apps/All/app:Convert+2.2.x+conf+files+to+3.x d1ce2a6f3ca1c865070487736243768a Here's a script I wrote to convert 2.2 livesplunks.conf and savedsplunks.conf, cleaners.xml, and props.conf into 3.x savedsearches.conf, segmenters.conf, and props.conf. I hope to improve and add to it, so let me know if you have any ideas, or just go ahead and do it ssorkin Thu, 06 Mar 2008 01:23:34 +0000 http://www.splunkbase.com/apps/All/app:Web+access+reports 9f1b09f6b813de49dab86ad3a7ab8674 Provides saved web access reports that you can access when needed. nick Wed, 05 Mar 2008 21:37:27 +0000 http://www.splunkbase.com/apps/All/app:twiki+logs 5a4fe80afcf0571e3f24ed6bf20bf0ae Contains the basic extractions as well as some saved searches, reports, event types, and custom dashboard modules. jon Tue, 04 Mar 2008 00:49:02 +0000 http://www.splunkbase.com/apps/All/app:nscreen ed90be4ca3bd609a480731d22e9e2bcf This bundle is for field extraction and reporting on netscreen firewalls Splunk Mon, 03 Mar 2008 23:44:14 +0000 http://www.splunkbase.com/apps/All/app:splunk2netcool a2d5060f779e6047ba2c256ac5b6aafb splunk2netcool integration for splunk 3.0