Mason's curated list of awesome Splunk projects and resources
- Slack - Splunk's official community Slack team (splunk-usergroups)
- Splunk Answers - Splunk Answers Community Q&A
- Splunk Conference - Splunk .conf website
- Watch Splunk Conference Sessions - Download slides and videos from previous Splunk .conf sessions
- Splunk Ansible - Splunk's official Ansible role (used by Splunk's official Docker image)
- Splunk Docker - Splunk's official Docker image
- Ansible Splunk Callback - Ansible callback for sending task and play logs to Splunk's HTTP Event Collector (HEC)
- Chef Cookbook - A Chef Cookbook for installing and configuring Splunk forwarders and servers
New Splunk Alert Actions
- HTTP Alert Action - Send HTTP(S) requests [GET|POST] with custom headers, method, etc. with an option to ingest response to index
- Syslog Mod Alert - Send generic or CEF syslog events
- Alert Manager
- Alert Schedule - Create custom alert schedules using provided lookup files
- SSH Alert Actions (for Linux 64-bit) - Send search results over SFTP or execute shell commands on remote systems via SSH.
- Sendresults - Improved version of Splunk's email alert action that supports CSS, dynamic evaluation of email "to" and "subject" fields, multiple recipients, etc.
Apps for Splunk Admins
- Lookup Editor - Splunk Web App for Editing Lookup Files
- DB Connect - Splunk App for interacting with databases
- Gemini KV Store Tools - KV store backup/restore, delete key records, KV store alert action
- TA-SyncKVStore - Automatic synchronization of KV stores between separate Splunk instances, index local/remote KV stores as JSON using modular inputs
- TrackMe - Monitoring and alerting tool for availability of data sources within Splunk
- License Monitor for Splunk - Get insights about the actual license usage of your Splunk environment
- Unified Forwarder Monitoring App for Splunk - Forwarder monitoring with metrics from DMC and DS combined
Security Apps
- Security Essentials - Splunk Security Essentials
- Splunk Admin Alerts - Splunk app with prepackaged alerts for monitoring and troubleshooting Splunk Enterprise deployments
- KV Store Backup - Python script to back up KV Store collections via the REST API
- KV Store Synch - Splunk TA to provide both modular inputs and a modular alert for synchronizing KVStore content across Splunk instances
- HEC Modular Alert - Splunk Modular Alert to send search results to a Splunk HTTP Event Collector (HEC)
- HEC Python Class - Python class to submit events to Splunk HTTP Event Collector
- Splunk Plugin for Hashicorp Vault - Hashicorp Vault plugin to securely manage Splunk admin accounts and password rotation
- Docker Logging Driver - Docker Logging Driver for Splunk