http://www.splunkbase.com/feed/apps.rss/All/Technologies Latest SplunkBase Applications in category Technologies Splunk Mon, 21 Jul 2008 18:21:47 +0000 http://www.splunkbase.com/apps/All/Technologies/app:Splunk+for+Snort c4de85d8c07f02e7aae87c5d2cf2f925 This application applies to Snort alert logs, bringing their field names into compliance with the Splunk interface standard (see http://www.splunkbase.com/howtos/Splunk/howto:Understanding_Splunk's_interface_standards). Splunk Wed, 16 Jul 2008 23:56:41 +0000 http://www.splunkbase.com/apps/All/Technologies/app:Splunk+for+UNIX 94bc942e8cd8c90bf64d566700735e5d The Splunk for UNIX application is a compilation of a dashboard, saved searches, eventtypes, and field extractions that work for various flavors of UNIX. In addition, the application also ships with a set of scripted inputs that can be used to monitor UNIX machines. Inputs like top, ps, vmstat, and netstat are supported. rataide Thu, 10 Jul 2008 18:58:23 +0000 http://www.splunkbase.com/apps/All/Technologies/app:Squid+Web+Proxy 28b667bd334e8ba8a3d4e9759d5b1d12 == Squid Application == This application will provide additional field extractions for Squid Proxy Server access_log files == Using Squid Application == At search time the following additional fields will be available: - duration - clientip - action - http_status - bytes - method - uri - proto - uri_host - uri_port - uri_path - username - hierarchy - server_ip - content_type raffy Wed, 02 Jul 2008 00:07:37 +0000 http://www.splunkbase.com/apps/All/Technologies/app:AfterGlow+Graphing 4f2e1c0df533194486f4ec74e385ed66 This new search processor enables the generation of link graphs through Splunk. Make sure you follow the instructions in the README (once installed, located in etc/apps/afterglow) to configure the application! joshs Mon, 23 Jun 2008 15:55:31 +0000 http://www.splunkbase.com/apps/All/Technologies/app:Splunk+License+Usage 42617110e606da673fcdc71fe2b896e5 This bundle provides a new dashboard which has several widgets that query to help you determine your Splunk license usage total over the past 24 hours as well as usage by host, source, and sourcetype. It contains timecharts to help you understand usage over time and see usage spikes as well as pie charts to help you to figure out which log files, sourcetypes, and hosts Splunk is indexing the most data from. rataide Tue, 03 Jun 2008 09:59:56 +0000 http://www.splunkbase.com/apps/All/Technologies/app:Reverse+Name+Resolution+Search+Script+%28DNS%29 0a8b9555b05f1ff8bf155e9f628113e4 This search script (nslookup.py) will perform reverse name lookup on every IP from an event at search time. Splunk Wed, 28 May 2008 22:12:24 +0000 http://www.splunkbase.com/apps/All/Technologies/app:Splunk+for+Citrix+XenServer+Management 931cc18d8db03fec361e7e2dfd2c99bd This Splunk application manages Citrix XenServers. It includes inputs, indexing, searches, reports, dashboards and field actions. Splunk Fri, 16 May 2008 23:30:02 +0000 http://www.splunkbase.com/apps/All/Technologies/app:CheckPoint+OPSEC+LEA+Application 3d146d4b3b3e0cb8086f5f952a40e868 This application contains an OPSEC LEA application to drop into Splunk 3.0 or later, offering a client, event types, and field extractions. It functions on Linux and on Solaris with gmake and gcc installed. The application conforms with the Splunk application standard, meaning that it uses common field names for its data. Splunk Thu, 08 May 2008 17:33:31 +0000 http://www.splunkbase.com/apps/All/Technologies/app:Splunk+Assist+Application 16d461f792b145f5013e340ef71a503a The Splunk assist application is to be used for troubleshooting, monitoring, and enhancing the performance of Splunk. The application contains a group of files that contains searches and configuration options that will assist in your use of Splunk. Splunk Mon, 05 May 2008 18:30:35 +0000 http://www.splunkbase.com/apps/All/Technologies/app:Splunk+for+Windows+Management 47060fc48e4f93e3795890aafc5c8267 Splunk for Windows is an application that integrates Microsoft’s System Center Operations Manager’s command-and-control view of a Windows infrastructure with Splunk’s IT Search. SplunkAddons Sun, 27 Apr 2008 17:50:26 +0000 http://www.splunkbase.com/apps/All/Technologies/app:Splunk+for+Network 5a25fb41ca4703988250b99417eca178 This is a simple application to monitor change on network device configurations. It runs a scripted input to request the network device upload it's configuration file to a tftp server. The input reads /tftpboot for any files that get uploaded and indexes them through the fschange source. Splunk Sat, 26 Apr 2008 21:28:56 +0000 http://www.splunkbase.com/apps/All/Technologies/app:Splunk+Replay d63730ba49f07050b89da3eb523ec6a8 Inspired by glTail.rb and Digg Lab’s Stack, Splunk Replay is a Flash-based, data visualization tool which “replays” your Splunk'd logfile activities in an animated layout. Replay generates animated barchart graphs using two extracted fields from the events it receives from Splunk. For example, if you have Splunk eat wiki data, you can plot the wiki user and wiki page they are editing, and then animate those relationships over a given time range. Events particles are emitted from rows on the y-axis and stack up in columns x-axis. When a new row value is created, a random color is assigned to it for the duration of the session. These colors are then used in stacked bars to illustrate the amount of activity for a given row value. Older values on both axis are cycled out if more room is needed for newer data. More information, and instructions for installing replay can be found on the developer's wiki: http://code.google.com/p/splunk-flash/wiki/SplunkReplay yantisj Fri, 04 Apr 2008 14:41:38 +0000 http://www.splunkbase.com/apps/All/Technologies/app:Splunk+Alert 8e2c2a15568cedc48cb46355dbdd805b Command line utility to more easily search the splunk database, log specific errors and execute commands on a match. Comes with several predefined searches for cisco networking, and is easily extended. -s search Predefined search to run, use 'list' for options -cs string Custom search string passed in with quotes -l file Log results to file, appends by default -e email_addr Email addresses comma separated -x command Execute a command on a match -t time_restrict Suppress email alerts by time of day, use 'list' for options -d days Search over this many days in the past (default: 1) -m minutes Search over this many minutes in the past -c maxnum Max number of results (default: 100) -r Reverse results, (newest to oldest) -w Raw results, do not strip off timestamps -q Quiet Output, suppress errors -v Verbose output Splunk Sat, 29 Mar 2008 01:10:43 +0000 http://www.splunkbase.com/apps/All/Technologies/app:splunk2nagios 45e012497f119c83d7e2a4e3e58c5fc7 This add-on helps you set up Splunk to Nagios integration joshs Mon, 23 Jun 2008 15:55:31 +0000 http://www.splunkbase.com/apps/All/Technologies/app:Splunk+License+Usage e1f6da8085aac1bb37f5bdab331a34a7 This bundle provides a new dashboard which has several widgets that query to help you determine your Splunk license usage total over the past 24 hours as well as usage by host, source, and sourcetype. It contains timecharts to help you understand usage over time and see usage spikes as well as pie charts to help you to figure out which log files, sourcetypes, and hosts Splunk is indexing the most data from. shaggy Tue, 18 Mar 2008 22:06:36 +0000 http://www.splunkbase.com/apps/All/Technologies/app:Splunk+Parse 6d1bf077e7913237de81dfbcae840b6c Splunk Parse (splunk_parse.py) is a python script you can set as your alert action on a saved search. It reads in the fields a saved search passing along and parses the corresponding saved search log file which is in CSV format. The parsing spits out the originating host and the full original problem. In this version it's feed to my ticketing system, but the output action can be easily changed. araitz Fri, 14 Mar 2008 19:03:26 +0000 http://www.splunkbase.com/apps/All/Technologies/app:Convert+2.2.x+conf+files+to+3.x d1ce2a6f3ca1c865070487736243768a Here's a script I wrote to convert 2.2 livesplunks.conf and savedsplunks.conf, cleaners.xml, and props.conf into 3.x savedsearches.conf, segmenters.conf, and props.conf. I hope to improve and add to it, so let me know if you have any ideas, or just go ahead and do it Splunk Thu, 06 Mar 2008 19:14:04 +0000 http://www.splunkbase.com/apps/All/Technologies/app:Cisco+Pix+Firewall+Log+Bundle 740e6413701ddc9ceccf7ac81e2f90c6 Cisco PIX firewall log bundle that indexes and extracts common fields, normalizing PIX firewall logs so they are Splunk-compliant and will work with other Splunk applications. ssorkin Thu, 06 Mar 2008 01:23:34 +0000 http://www.splunkbase.com/apps/All/Technologies/app:Web+access+reports 9f1b09f6b813de49dab86ad3a7ab8674 Provides saved web access reports that you can access when needed. nick Wed, 05 Mar 2008 21:37:27 +0000 http://www.splunkbase.com/apps/All/Technologies/app:twiki+logs 5a4fe80afcf0571e3f24ed6bf20bf0ae Contains the basic extractions as well as some saved searches, reports, event types, and custom dashboard modules. jon Tue, 04 Mar 2008 00:49:02 +0000 http://www.splunkbase.com/apps/All/Technologies/app:nscreen ed90be4ca3bd609a480731d22e9e2bcf This bundle is for field extraction and reporting on netscreen firewalls erik Mon, 03 Mar 2008 23:46:40 +0000 http://www.splunkbase.com/apps/All/Technologies/app:Splunk+for+IMAP faf88f0ebec2f68db41a4f2aea2a7181 This Addon will continually download mail from an imap account where it is indexed by a splunk server. You can do cool things like see how often you get mail from someone, graph by size, time, etc. Splunk Mon, 03 Mar 2008 23:44:14 +0000 http://www.splunkbase.com/apps/All/Technologies/app:splunk2netcool a2d5060f779e6047ba2c256ac5b6aafb splunk2netcool integration for splunk 3.0 m@ Mon, 03 Mar 2008 22:49:42 +0000 http://www.splunkbase.com/apps/All/Technologies/app:Linux+Failed+Login 8ee78fa910e4c692a083cd7b0b631cdc A series of saved searches to detect common login failures on Linux hosts. will Mon, 03 Mar 2008 21:42:42 +0000 http://www.splunkbase.com/apps/All/Technologies/app:Bladelogic+NSH+and+Agent+Logs 29db097c416a52e8bcb94a860b4ea713 This bundle contains field extractions for the Bladelogic agent and nsh log files. Some sample reports are also included. aspina Mon, 14 Jan 2008 21:35:28 +0000 http://www.splunkbase.com/apps/All/Technologies/app:Perl+PDF+Report+Creator+%22Search+Command%22 5318ab6243c51a14a3163408d7ae1a8f Create customizable PDF reports using this perl script, which includes the Intersplunk.pm module written by Andrew Hoying. Some knowledge of Perl required to install the Perl PDF modules available via CPAN. Splunk Mon, 14 Jan 2008 18:36:24 +0000 http://www.splunkbase.com/apps/All/Technologies/app:Windows+logs+through+Snare+fields%2C+inputs%2C+and+event+types d1622685eb55d92d97a3d0883d347583 This add-on applies to Windows logs captured through Snare, bringing their field names into compliance with the Splunk interface standard (see http://www.splunkbase.com/howtos/Splunk/howto:Understanding_Splunk's_interface_standards). Splunk Mon, 14 Jan 2008 18:33:07 +0000 http://www.splunkbase.com/apps/All/Technologies/app:Sendmail+fields%2C+inputs%2C+and+event+types e6e1c2112286c360aa09c203dcdad2ab This add-on applies to Sendmail logs, bringing their field names into compliance with the Splunk interface standard (see http://www.splunkbase.com/howtos/Splunk/howto:Understanding_Splunk's_interface_standards). Splunk Mon, 14 Jan 2008 18:30:11 +0000 http://www.splunkbase.com/apps/All/Technologies/app:Netcache+fields%2C+inputs%2C+and+event+types 3dda8837097357ffcdb02b8489237812 This add-on normalizes Netcache fields so that other Splunk applications understand them. Splunk Mon, 14 Jan 2008 18:22:47 +0000 http://www.splunkbase.com/apps/All/Technologies/app:iptables+fields%2C+inputs%2C+and+event+types 8e50a9451bd5816f9724fa6f991c34f5 This add-on applies to iptables firewall logs, normalizing their field names so they work well with other Splunk applications. Splunk Mon, 14 Jan 2008 18:22:06 +0000 http://www.splunkbase.com/apps/All/Technologies/app:Exchange+fields+and+inputs c3c01540d9e1f1909b49230ea3661d5c This add-on applies to Microsoft Exchange event tracking logs, bringing their field names into compliance with the Splunk interface standard (see http://www.splunkbase.com/howtos/Splunk/howto:Understanding_Splunk's_interface_standards). araitz Wed, 19 Dec 2007 01:31:17 +0000 http://www.splunkbase.com/apps/All/Technologies/app:Sonicwall+Firewall 744dc2c0b92faad8233e35bda951406b This bundle performs field extractions for sonicwall TZ 170 without the UTM/IDS modules araitz Tue, 18 Dec 2007 19:25:57 +0000 http://www.splunkbase.com/apps/All/Technologies/app:Sancp%7FSguil+Add-on 86554233c6f753ca862119b8d13bdb0e This bundle indexes sancp logs when sancp is patched with the sguil output patch, extracts the fields, then sends to a processor which converts the decimal IP addresses to dotted format. tbird Sun, 18 Nov 2007 06:34:31 +0000 http://www.splunkbase.com/apps/All/Technologies/app:Complete+Windows+Security+Log+Event+Types+v.+2 bd4b7431a2a2a8a56870b13b0e00759e Splunk event types for the Windows events described in the HOWTO on understanding the Microsoft Event Log Splunk Tue, 06 Nov 2007 23:24:42 +0000 http://www.splunkbase.com/apps/All/Technologies/app:WebLogic+Event+Types 1ecc7a19fb8c03170fe6510af75727db Field Extractions and Event Types that match events coming from WebLogic 9.2 and WebLogic 10.0. erik Fri, 02 Nov 2007 01:20:27 +0000 http://www.splunkbase.com/apps/All/Technologies/app:Web+Page+Monitor 9f5cf71efea79575dcb8050cb6518d02 This bundle will check a set of webpages every interval and index the result, time, size and optionally content and or crc of page(s). Its cool to do searches to see when your pages change, take long to load, or many other cool things. deeann Thu, 18 Oct 2007 23:08:37 +0000 http://www.splunkbase.com/apps/All/Technologies/app:Postfix+main.cf+field+extractions 21d2c0fe14ab80e15824e2d4fb820067 This Add-on extracts fields related to useful troubleshooting and configuration from the Postfix main.cf configuration file. tbird Thu, 18 Oct 2007 00:36:40 +0000 http://www.splunkbase.com/apps/All/Technologies/app:Windows+Security+Log+Event+Types b51e0c024f0d8f2d4a3373dbc0d90ce3 Identifies event records from the Windows XP security log, such as firewall policy changes, user account management, and system reboots. araitz Fri, 12 Oct 2007 16:53:07 +0000 http://www.splunkbase.com/apps/All/Technologies/app:Watchguard+Firebox e2ee1fedc52b4d333682a90057c29666 Field Extractions for Watchguard Firebox vly Fri, 12 Oct 2007 06:51:05 +0000 http://www.splunkbase.com/apps/All/Technologies/app:WebLogic+Access 2fe0038ae954def137a22b7e57a06b98 Field Extractions for WebLogic HTTP Access Logs