netfilter (iptables) technology add-on (TA) for Splunk
This app provides field extractions and normalisation to the Common Information Model.
Install this app on heavy forwarders, indexers and search heads.
N.B. This app will automatically change the sourcetype of iptables events that arrive with the sourcetype "syslog" to the "linux:netfilter" sourcetype.
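To make the two behaviours above concrete (recognising iptables events inside a generic syslog feed and re-labelling them, then extracting their key=value pairs onto Common Information Model field names), here is an added Python example. It is not the TA's own code and does not reproduce its props.conf or transforms.conf; the regular expressions, the mapping of the administrator's --log-prefix wording onto the CIM action field, and the sample log lines are all assumptions constructed for the illustration.

```python
import re
from typing import Optional

# Constructed sample syslog lines (not taken from the TA or its wiki): two kernel
# netfilter log entries with different --log-prefix values and one unrelated sshd line.
SAMPLE_LINES = [
    "Jan 12 10:15:33 fw1 kernel: [12345.678901] IPTABLES-DROP: IN=eth0 OUT= "
    "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=44321 DPT=22 "
    "WINDOW=29200 RES=0x00 SYN URGP=0",
    "Jan 12 10:15:34 fw1 kernel: [12346.001122] IPTABLES-ACCEPT: IN=eth1 OUT=eth0 "
    "SRC=10.0.0.7 DST=198.51.100.20 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=4711 "
    "PROTO=UDP SPT=51000 DPT=53 LEN=56",
    "Jan 12 10:15:35 fw1 sshd[2211]: Accepted publickey for admin from 10.0.0.7 port 51822 ssh2",
]

# Recognises a netfilter event inside a generic syslog stream: a kernel message carrying
# the IN=/OUT= interface pair followed by SRC=/DST=. A transforms.conf sourcetype-rerouting
# rule would apply a test of this shape; the regex is an assumption here, not the TA's.
NETFILTER_RE = re.compile(r"\bkernel:.*\bIN=\S*\s+OUT=\S*.*\bSRC=\S+\s+DST=\S+")

# Syslog header: the reporting host (CIM dvc) and the free-form --log-prefix text.
SYSLOG_HDR_RE = re.compile(
    r"^\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d\s+(?P<host>\S+)\s+kernel:\s*"
    r"(?:\[\s*[\d.]+\]\s*)?(?P<prefix>.*?)\s*IN="
)

# KEY=value tokens; bare flags such as DF or SYN carry no '=' and are ignored.
KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")

# Raw netfilter keys mapped onto CIM Network Traffic field names.
CIM_MAP = {
    "SRC": "src", "DST": "dest", "SPT": "src_port", "DPT": "dest_port",
    "PROTO": "transport", "IN": "src_interface", "OUT": "dest_interface", "LEN": "bytes",
}


def is_netfilter_event(line: str) -> bool:
    return NETFILTER_RE.search(line) is not None


def reroute_sourcetype(line: str, sourcetype: str) -> str:
    """Mirror the behaviour the README describes: a 'syslog' event that is really a
    netfilter log line is re-labelled 'linux:netfilter'; anything else is left untouched."""
    if sourcetype == "syslog" and is_netfilter_event(line):
        return "linux:netfilter"
    return sourcetype


def action_from_prefix(prefix: str) -> str:
    """CIM 'action' derived from the administrator's --log-prefix wording (assumed convention)."""
    p = prefix.upper()
    if "DROP" in p or "REJECT" in p:
        return "blocked"
    if "ACCEPT" in p or "ALLOW" in p:
        return "allowed"
    return "unknown"


def extract_cim_fields(line: str) -> Optional[dict]:
    """Return CIM-named fields for a netfilter line, or None for a non-netfilter line."""
    if not is_netfilter_event(line):
        return None
    kv: dict = {}
    for key, value in KV_RE.findall(line):
        kv.setdefault(key, value)  # keep the first LEN= (IP total length), not the later UDP LEN=
    fields = {cim: kv[raw] for raw, cim in CIM_MAP.items() if kv.get(raw)}
    for numeric in ("src_port", "dest_port", "bytes"):
        if numeric in fields:
            fields[numeric] = int(fields[numeric])
    if "transport" in fields:
        fields["transport"] = fields["transport"].lower()
    hdr = SYSLOG_HDR_RE.match(line)
    if hdr:
        prefix = hdr.group("prefix").rstrip(":").strip()
        fields["dvc"] = hdr.group("host")
        fields["rule"] = prefix
        fields["action"] = action_from_prefix(prefix)
    return fields


def process(lines, sourcetype="syslog"):
    """Pair each line with its (possibly rerouted) sourcetype and its extracted fields."""
    return [(reroute_sourcetype(line, sourcetype), extract_cim_fields(line)) for line in lines]


if __name__ == "__main__":
    for st, fields in process(SAMPLE_LINES):
        print(st, fields)
```

Running the script prints the first two lines as linux:netfilter with src, dest, src_port, dest_port, transport, bytes, dvc, rule and action populated, and the sshd line unchanged as syslog with no fields. The point of keeping the first LEN= is that a UDP event carries two: the IP total length and the UDP payload length; a naive dict(findall(...)) silently keeps the last one and misreports bytes.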
Further documentation is provided in the wiki here: https://github.com/doksu/TA_netfilter/wiki