http://www.splunkbase.com/feed/apps.rss/Searches Latest SplunkBase Applications filtered by Searches raffy Thu, 28 Aug 2008 17:15:22 +0000 http://www.splunkbase.com/apps/Searches/app:Splunk+for+Network+Security 8a48676a95f0f7c3a5c567aa9f159b0e The Splunk Network Security application offers a set of reports, saved searches, and dashboards, as well as corresponding alerts that you can use to monitor your firewalls, intrusion detection and prevention systems, as well as operating systems. Splunk Wed, 27 Aug 2008 17:48:41 +0000 http://www.splunkbase.com/apps/Searches/app:Splunk+for+PCI dee992af056843fe38d6ed22d52676c5 The Splunk PCI application offers over 57 reports, more than 91 saved searches, a dashboard, and corresponding alerts you can use to satisfy PCI requirements such as secure remote access, file integrity monitoring, secure log collection, daily log review, audit trail retention, and PCI control reporting. Splunk Thu, 21 Aug 2008 18:30:59 +0000 http://www.splunkbase.com/apps/Searches/app:Splunk+for+UNIX 94bc942e8cd8c90bf64d566700735e5d The Splunk for UNIX application is a compilation of a dashboard, saved searches, eventtypes, and field extractions that work for various flavors of UNIX. In addition, the application also ships with a set of scripted inputs that can be used to monitor UNIX machines. Inputs like top, ps, vmstat, and netstat are supported. Splunk Wed, 20 Aug 2008 23:53:35 +0000 http://www.splunkbase.com/apps/Searches/app:Splunk+for+CISCO+PIX 740e6413701ddc9ceccf7ac81e2f90c6 Cisco PIX firewall log bundle that indexes and extracts common fields, normalizing PIX firewall logs so they are Splunk-compliant and will work with other Splunk applications. erik Fri, 15 Aug 2008 03:17:24 +0000 http://www.splunkbase.com/apps/Searches/app:Web+Page+Monitor 9f5cf71efea79575dcb8050cb6518d02 This bundle will check a set of webpages every interval and index the result, time, size and optionally content and or crc of page(s). Its cool to do searches to see when your pages change, take long to load, or many other cool things. raffy Wed, 13 Aug 2008 21:53:02 +0000 http://www.splunkbase.com/apps/Searches/app:AfterGlow+Graphing 4f2e1c0df533194486f4ec74e385ed66 This new search processor enables the generation of link graphs through Splunk. Make sure you follow the instructions in the README (once installed, located in etc/apps/afterglow) to configure the application! nimishd Wed, 13 Aug 2008 17:07:55 +0000 http://www.splunkbase.com/apps/Searches/app:Consuming+Splunk+RSS+Feeds+in+Java 7a4842c44867d34be1ca7146c4cc6594 This application demonstrates how to consume an RSS alert feed in Java from any saved search from Splunk. It uses Sun's RSS parser (included) to gather the feed and breaks up the fields into a Java Bean. Since the RSS Splunk Alert presents meta information about saved search, the included Link in the RSS entry is then used within the same command line application to retrieve each entry from the saved search using the Splunk provided Java SDK. It is hoped that this code will be used to better serve the Splunk Java community for: - A method to consume RSS feeds from SPlunk with Java - A way to use the feed's link to gather all entries from a saved search - A foundation to pass search entries to higher level Java applications erik Thu, 07 Aug 2008 20:58:07 +0000 http://www.splunkbase.com/apps/Searches/app:Splunk+for+IMAP faf88f0ebec2f68db41a4f2aea2a7181 This application will continually download mail from an imap account where it is indexed by a splunk server. You can do cool things like see how often you get mail from someone, graph by size, time, etc. Splunk Wed, 06 Aug 2008 19:24:43 +0000 http://www.splunkbase.com/apps/Searches/app:Splunk+Assist+Application 16d461f792b145f5013e340ef71a503a The Splunk assist application is to be used for troubleshooting, monitoring, and enhancing the performance of Splunk. The application contains a group of files that contains searches and configuration options that will assist in your use of Splunk. Splunk Wed, 23 Jul 2008 23:01:41 +0000 http://www.splunkbase.com/apps/Searches/app:Splunk+for+Change+Management 95d9940cef25692b9483d352c8ed494c Splunk for Change Management provides predefined reports and dashboards to facilitate change auditing, change detection, change reporting, change validation and incident response based on change events, change tickets and configuration files. joshs Mon, 23 Jun 2008 15:55:31 +0000 http://www.splunkbase.com/apps/Searches/app:Splunk+License+Usage 42617110e606da673fcdc71fe2b896e5 This bundle provides a new dashboard which has several widgets that query to help you determine your Splunk license usage total over the past 24 hours as well as usage by host, source, and sourcetype. It contains timecharts to help you understand usage over time and see usage spikes as well as pie charts to help you to figure out which log files, sourcetypes, and hosts Splunk is indexing the most data from. Splunk Wed, 28 May 2008 22:12:24 +0000 http://www.splunkbase.com/apps/Searches/app:Splunk+for+Citrix+XenServer+Management 931cc18d8db03fec361e7e2dfd2c99bd This Splunk application manages Citrix XenServers. It includes inputs, indexing, searches, reports, dashboards and field actions. yantisj Fri, 04 Apr 2008 14:41:38 +0000 http://www.splunkbase.com/apps/Searches/app:Splunk+Alert 8e2c2a15568cedc48cb46355dbdd805b Command line utility to more easily search the splunk database, log specific errors and execute commands on a match. Comes with several predefined searches for cisco networking, and is easily extended. -s search Predefined search to run, use 'list' for options -cs string Custom search string passed in with quotes -l file Log results to file, appends by default -e email_addr Email addresses comma separated -x command Execute a command on a match -t time_restrict Suppress email alerts by time of day, use 'list' for options -d days Search over this many days in the past (default: 1) -m minutes Search over this many minutes in the past -c maxnum Max number of results (default: 100) -r Reverse results, (newest to oldest) -w Raw results, do not strip off timestamps -q Quiet Output, suppress errors -v Verbose output joshs Mon, 23 Jun 2008 15:55:31 +0000 http://www.splunkbase.com/apps/Searches/app:Splunk+License+Usage e1f6da8085aac1bb37f5bdab331a34a7 This bundle provides a new dashboard which has several widgets that query to help you determine your Splunk license usage total over the past 24 hours as well as usage by host, source, and sourcetype. It contains timecharts to help you understand usage over time and see usage spikes as well as pie charts to help you to figure out which log files, sourcetypes, and hosts Splunk is indexing the most data from. shaggy Tue, 18 Mar 2008 22:06:36 +0000 http://www.splunkbase.com/apps/Searches/app:Splunk+Parse 6d1bf077e7913237de81dfbcae840b6c Splunk Parse (splunk_parse.py) is a python script you can set as your alert action on a saved search. It reads in the fields a saved search passing along and parses the corresponding saved search log file which is in CSV format. The parsing spits out the originating host and the full original problem. In this version it's feed to my ticketing system, but the output action can be easily changed. ssorkin Thu, 06 Mar 2008 01:23:34 +0000 http://www.splunkbase.com/apps/Searches/app:Web+access+reports 9f1b09f6b813de49dab86ad3a7ab8674 Provides saved web access reports that you can access when needed. nick Wed, 05 Mar 2008 21:37:27 +0000 http://www.splunkbase.com/apps/Searches/app:twiki+logs 5a4fe80afcf0571e3f24ed6bf20bf0ae Contains the basic extractions as well as some saved searches, reports, event types, and custom dashboard modules. jon Tue, 04 Mar 2008 00:49:02 +0000 http://www.splunkbase.com/apps/Searches/app:nscreen ed90be4ca3bd609a480731d22e9e2bcf This bundle is for field extraction and reporting on netscreen firewalls m@ Mon, 03 Mar 2008 22:49:42 +0000 http://www.splunkbase.com/apps/Searches/app:Linux+Failed+Login 8ee78fa910e4c692a083cd7b0b631cdc A series of saved searches to detect common login failures on Linux hosts. BSplunk Mon, 01 Oct 2007 17:05:39 +0000 http://www.splunkbase.com/apps/Searches/app:Brian%27s+valgrind+bundle 88d83453e8b02fdb2e84a491c7d25ab6 aggregates and extracts information from valgrind logs amrit Fri, 07 Sep 2007 19:13:48 +0000 http://www.splunkbase.com/apps/Searches/app:Eggdrop+IRC 796b3de734cc043d507b676fd7132949 A simple bundle to parse channel name, action status & msg, and user nick out of Eggdrop IRC channel logs. maverick Fri, 07 Sep 2007 04:20:12 +0000 http://www.splunkbase.com/apps/Searches/app:Nessus+Bundle 761b6685ad2bb1f397ab50934bd0affe This bundle extracts the common fields from a Nessus Vulnerability Scanner log file, such as the hostname, port, script id, and type. maverick Fri, 07 Sep 2007 04:18:53 +0000 http://www.splunkbase.com/apps/Searches/app:Negative+Searching+Demo+Bundle 5c0f7184d8c648bae1e1991d91f83aef This bundle, created jointly by Maverick and Stephen Sorkin, demonstrates a way to perform negative searches by indexing known patterns and catching anomalous patterns into a separate index. maverick Fri, 07 Sep 2007 04:16:47 +0000 http://www.splunkbase.com/apps/Searches/app:Arkeia 3b217e3bda333d2eb467cb0dd83ad7ff Arkeia Network Backup Bundle used to index the common fields from the backup log file to make searching and reporting easier. andrea Wed, 05 Sep 2007 18:30:16 +0000 http://www.splunkbase.com/apps/Searches/app:SplunkWidget b1d193511802f6e0270f1fcf9fbfc10f Widget for the OS X Dashboard to list your saved searches and alerts. Double click on the uncompressed SplunkWidget to install, see the README.txt file for more info. Requires OS X Tiger, 10.4.3+ nick Sat, 01 Sep 2007 00:18:05 +0000 http://www.splunkbase.com/apps/Searches/app:Splunk+internal+front+end+development+bundle dd9a273ee57c6d3398881ea3d8a7d87d This bundle right now just implements a simple dashboard to keep track of some simple Front end things around the Splunk interface itself. Searches on this dashboard show last-24-hours charts of - Splunk logins, splunk searches executed, indexing throughput, and longest query time. NOTE: this bundle is more notable probably because it shows how you can bundle a dashboard. HOWEVER the configuration for dashboards will still undergo a very significant amount of change, so beware that this area will require more maintenance than most... =) steveyz Fri, 17 Aug 2007 22:36:50 +0000 http://www.splunkbase.com/apps/Searches/app:steveyz_bundle 14fc828bdfebd96679ed9e5aae4303f9 A few useful searches leveraging the monitoring bundle data, using the multikv operator