awesome-splunk

Mason's curated list of awesome Splunk projects and resources

Toc

• awesome-splunk - Toc
  • Community
  • Cheat Sheets
  • Data Ingestion
  • Monitoring Splunk
  • Open Source Utilities
  • Automation
  • CI & CD
  • Splunk Conference
  • Splunkbase Addons

Community

• Slack - Splunk's official community Slack team (splunk-usergroups)
• Splunk Answers - Splunk Answers Community Q&A

Splunk Conference

• Splunk Conference - Splunk .conf website
• Watch Splunk Conference Sessions - Download slides and videos from previous Splunk .conf sessions

Automation

• Splunk Ansible - Splunk's official Ansible role (used by Splunk's official Docker image)
• Splunk Docker - Splunk's official Docker image
• Ansible Splunk Callback - Ansible callback for sending task and play logs to Splunk's HTTP Event Collector (HEC)
• Chef Cookbook - A Chef Cookbook for installing and configuring Splunk forwarders and servers

Splunkbase Addons

Visualizations

New Splunk Alert Actions

• HTTP Alert Action - Send HTTP(S) requests [GET|POST] with custom headers, method, etc. with an option to ingest response to index
• Syslog Mod Alert - Send generic or CEF syslog events
• Alert Manager
• Alert Schedule - Create custom alert schedules using provided lookup files
• SSH Alert Actions (for Linux 64-bit) - Send search results over SFTP or execute shell commands on remote systems via SSH.
• Sendresults - Improved version of Splunk's email alert action that supports CSS, dynamic evaluation of email "to" and "subject" fields, multiple recipients, etc.

Apps for Splunk Admins

• Lookup Editor - Splunk Web App for Editing Lookup Files
• DB Connect - Splunk App for interacting with databases
• Gemini KV Store Tools - KV store backup/restore, delete key records, KV store alert action
• TA-SyncKVStore - Automatic synchronization of KV stores between separate Splunk instances, index local/remote KV stores as JSON using modular inputs
• TrackMe - Monitoring and alerting tool for availability of data sources within Splunk
• License Monitor for Splunk - Get insights about your actual license usage of your splunk enviroment
• Unified Forwarder Monitoring App for Splunk - Forwarder monitoring with metrics from DMC and DS combined Security Apps
• Security Essentials - Splunk Security Essentials

Open Source Utilities

• Splunk Admin Alerts - Splunk app with prepackaged alerts for monitoring and troubleshooting Splunk Enterprise deployments
• KV Store Backup - Python script to backp up KVStore collections via the REST API
• KV Store Synch - Splunk TA to provide both modular inputs and a modular alert for synchronizing KVStore content across Splunk instances
• HEC Modular Alert - Splunk Modular Alert to send search results to a Splunk HTTP Event Collector (HEC)
• HEC Python Class - Python class to submit events to Splunk HTTP Event Collector
• Splunk Plugin for Hashicorp Vault - Hashicorp Vault plugin to securely manage Splunk admin accounts and password rotation
• Docker Logging Driver - Docker Logging Driver for Splunk