http://www.splunkbase.com/feed/apps.rss/Custom%20Processing Latest SplunkBase Applications filtered by Custom Processing erik Wed, 03 Sep 2008 00:35:48 +0000 http://www.splunkbase.com/apps/Custom%20Processing/app:Splunk+for+VMware+ESX+Management eaba98b4f8386d4ed8552c81028cf465 This Splunk application manages VMware ESX and VMware VirtualCenter systems. It includes inputs, indexing, searches, reports and dashboards. nimishd Wed, 13 Aug 2008 17:07:55 +0000 http://www.splunkbase.com/apps/Custom%20Processing/app:Consuming+Splunk+RSS+Feeds+in+Java 7a4842c44867d34be1ca7146c4cc6594 This application demonstrates how to consume an RSS alert feed in Java from any saved search from Splunk. It uses Sun's RSS parser (included) to gather the feed and breaks up the fields into a Java Bean. Since the RSS Splunk Alert presents meta information about saved search, the included Link in the RSS entry is then used within the same command line application to retrieve each entry from the saved search using the Splunk provided Java SDK. It is hoped that this code will be used to better serve the Splunk Java community for: - A method to consume RSS feeds from SPlunk with Java - A way to use the feed's link to gather all entries from a saved search - A foundation to pass search entries to higher level Java applications Splunk Sat, 26 Apr 2008 21:28:56 +0000 http://www.splunkbase.com/apps/Custom%20Processing/app:Splunk+Replay d63730ba49f07050b89da3eb523ec6a8 Inspired by glTail.rb and Digg Lab’s Stack, Splunk Replay is a Flash-based, data visualization tool which “replays” your Splunk'd logfile activities in an animated layout. Replay generates animated barchart graphs using two extracted fields from the events it receives from Splunk. For example, if you have Splunk eat wiki data, you can plot the wiki user and wiki page they are editing, and then animate those relationships over a given time range. Events particles are emitted from rows on the y-axis and stack up in columns x-axis. When a new row value is created, a random color is assigned to it for the duration of the session. These colors are then used in stacked bars to illustrate the amount of activity for a given row value. Older values on both axis are cycled out if more room is needed for newer data. More information, and instructions for installing replay can be found on the developer's wiki: http://code.google.com/p/splunk-flash/wiki/SplunkReplay yantisj Fri, 04 Apr 2008 14:41:38 +0000 http://www.splunkbase.com/apps/Custom%20Processing/app:Splunk+Alert 8e2c2a15568cedc48cb46355dbdd805b Command line utility to more easily search the splunk database, log specific errors and execute commands on a match. Comes with several predefined searches for cisco networking, and is easily extended. -s search Predefined search to run, use 'list' for options -cs string Custom search string passed in with quotes -l file Log results to file, appends by default -e email_addr Email addresses comma separated -x command Execute a command on a match -t time_restrict Suppress email alerts by time of day, use 'list' for options -d days Search over this many days in the past (default: 1) -m minutes Search over this many minutes in the past -c maxnum Max number of results (default: 100) -r Reverse results, (newest to oldest) -w Raw results, do not strip off timestamps -q Quiet Output, suppress errors -v Verbose output shaggy Tue, 18 Mar 2008 22:06:36 +0000 http://www.splunkbase.com/apps/Custom%20Processing/app:Splunk+Parse 6d1bf077e7913237de81dfbcae840b6c Splunk Parse (splunk_parse.py) is a python script you can set as your alert action on a saved search. It reads in the fields a saved search passing along and parses the corresponding saved search log file which is in CSV format. The parsing spits out the originating host and the full original problem. In this version it's feed to my ticketing system, but the output action can be easily changed. araitz Tue, 18 Dec 2007 19:25:57 +0000 http://www.splunkbase.com/apps/Custom%20Processing/app:Sancp%7FSguil+Add-on 86554233c6f753ca862119b8d13bdb0e This bundle indexes sancp logs when sancp is patched with the sguil output patch, extracts the fields, then sends to a processor which converts the decimal IP addresses to dotted format. will Tue, 11 Dec 2007 00:46:47 +0000 http://www.splunkbase.com/apps/Custom%20Processing/app:EMC+Smarts+archive+log 74477be0eea74f4af9e511e74a5918a2 Line merging rule for EMC Smarts archive log deeann Tue, 02 Oct 2007 20:22:09 +0000 http://www.splunkbase.com/apps/Custom%20Processing/app:Enable+SSL+in+Splunk 773eae93545d03bcc0c19629fe23724d A quick and simple add-on that enables SSL for your pre-3.2 Splunk server and Web interface. carasso Mon, 20 Aug 2007 01:23:57 +0000 http://www.splunkbase.com/apps/Custom%20Processing/app:adds+support+for+anonymizing+log+files+at+index+time 68d72996a68ce809bc4d3c7b54916d9e anonymizes ip address as 127.0.0.1 (localhost); email addresses as user@domain.com ; social-security-numbers as 555-00-0000; password/passwd looking values as 'password' ; username/userid/login/user looking values as 'bob'. ssorkin Fri, 17 Aug 2007 20:07:35 +0000 http://www.splunkbase.com/apps/Custom%20Processing/app:Ironport+field+extractions 54b9c491e0030048e9dc8718f26927d9 Provides file classification, date extraction, and extractions for ironport data. andrea Mon, 13 Aug 2007 03:26:17 +0000 http://www.splunkbase.com/apps/Custom%20Processing/app:feorlen_twitter_alert 9fcc3a25cf99144267c02b2d69c03227 Example of using a 3rd party REST endpoint with a Splunk custom processor. Post a message to Twitter for sourcetype::access_common events containing the string "wikipedia" and add status info to the event so it gets indexed. Includes C++ source and osx-i386 binary.