Skip to content


Repository files navigation

Splunk > Splunkgit

This application needs an awesome software called Splunk.

Currently the application is tested and the documentation written for Mac OS X 10.7

Stuff in this repository are mentioned on a four part blog series.

Released v1.3.0.1 (12/19/2012)

  • Edited!!

Released v1.3! (12/19/2012, because of it's been a long time)

  • Fixes problem with grep -P, where -P is not supported by all grep versions.
  • Fixes git author page for Splunk 5.x
  • Some extractions of code, to hopefully make somethings easier to understand.
  • Splunking commit messages (No dashboards with this data yet)
  • Can splunk any source files (Non are enabled and there are no dashboards yet)

Released v1.2.1! (02/15/2012)

  • All repositories are now non-flash, aka mobile supported.
  • Increased the days shown in multiple repositories from last 2 weeks to last 30 days.

Released v1.2! (01/16/2012)

  • You can now watch multiple repositories in semi real-time!
  • Less configuration
  • Faster updating scripts

Getting started

Installing splunk

Generic instructions

  • Download Splunk for your platform.
  • Unpack/Install Splunk by running the downloaded files.
  • Follow the instructions on screen
  • When done continue to Installing Splunkgit App section

<SPLUNK_ROOT> will from now on refer to the direcotry where you've extracted splunk.

Installing splunkgit

  • Make sure splunk is not running
  • Open Terminal app
  • Goto app directory: cd etc/apps
  • Download the app: git clone git://
    You can also download a released version from the tags page.


  • Make sure splunk is not running
  • Open Terminal app
  • Goto <SPLUNK_ROOT>/etc/apps/splunk-app-aplunkgit
  • Edit local/splunkgit.conf with a text editor (open -e local/splunkgit.conf) and assign the following values:
    • repo_addresses= The addresses to the repos, use the read-only address. Ex: git:// You can have one or multiple repositories, space separated
    • user= Splunk user login so our scripts can search in Splunk
    • password= Splunk password for the user

Configurating multiple repositories in semi real-time

  • Edit local/splunkgit.conf and assign repo_addresses= with multiple repositories by separating the repositories with a space. Ex: repo_address=git:// git:// git://

  • Copy default/inputs.conf to the local directory

  • Set the interval value of the script to a low value. Ex: 20 The git repositores will now be updated each 20 seconds. The views in multiple repositories dashboard will be updated whenever there's more data.

Changing repository

  • Make sure splunk is not running

  • Run the following command to wipe all app data from splunk:

      splunk clean eventdata -f -index splunkgit
  • Change the splunkgit.conf file, as described in Configuration section, to point to the new repo.

Starting and stopping Splunk

  • Open Terminal
  • Start splunk bin/splunk start
    • On you web browser goto http://localhost:8000
    • If asked enter your name and user name (default value is admin:changeme)
    • If you change the password, you also need the change the configuration file to match this.
  • Stop splunk: bin/splunk stop

Third party libraries

Known issues

  • If you clone this repository, install the app and start up Splunk without configurating your own splunkgit.conf (as explained in Changing repository) splunk will get git repository data from this repositories .git directory.


Copyright 2012 Splunk, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
See the License for the specific language governing permissions and
limitations under the License.